
CVSS: 7.5 | EPSS: 0% | CPEs: - | EXPL: 0

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. ... This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. • https://github.com/graphql-java/graphql-java/releases/tag/v21.5 https://github.com/graphql-java/graphql-java/releases/tag/v20.9 https://github.com/graphql-java/graphql-java/releases/tag/v19.11 https://github.com/graphql-java/graphql-java/commit/97743bc1b5caa2b0bd894dc8e128b47e4d771e4a https://github.com/graphql-java/graphql-java/discussions/3641 https://github.com/graphql-java/graphql-java/pull/3539 https://access.redhat.com/security/cve/CVE-2024-40094 https://bugzilla.redhat.com/show_bug • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5 | EPSS: 0% | CPEs: - | EXPL: 0

A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5 https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/vulDescription.md https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w98-cp_block-5c0-cute_png-642c5/poc/sample13.png https://github.com/Helson-S/FuzzyTesting/blob/master&#x • CWE-787: Out-of-bounds Write •

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. • https://gist.github.com/mestrtee/693ef1c8b0a5ff1ae19f253381711f3e • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 6.2 | EPSS: 0% | CPEs: - | EXPL: 0

A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. • https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32 https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/vulDescription.md https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize-cli-220c32/poc/sample18.png https://github.com/Helson-S/FuzzyTesting/blob/master/hicolor/heapof-w1-png_quantize&# • CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. • https://gist.github.com/mestrtee/b20c3aee8bea16e1863933778da6e4cb • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •