4728 matches found
SUSE CVE-2023-4232
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodestatusreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...
SUSE CVE-2023-4234
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodesubmitreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...
SUSE CVE-2023-4235
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodedeliverreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...
GHSA-MPWQ-J3XF-7M5W The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
An issue was found in the redirecturi validation logic that allows for a bypass of otherwise explicitly allowed hosts. The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and...
PT-2023-9381 · Ofono +4 · Ofono +4
Name of the Vulnerable Software and Affected Versions: ofono affected versions not specified Description: A stack-based buffer overflow flaw exists in the decode deliver function within ofono, an Open Source Telephony on Linux, during SMS decoding. The issue arises from a missing bound check...
Node.js: Denial of Service by resource exhaustion in fetch() brotli decoding
A denial of service vulnerability was identified in Node.js related to resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The issue stems from fetch always decoding Brotli content, allowing an attacker controlling the URL to cause resource exhaustion...
PT-2023-8279 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche affected versions not specified Description: The issue is related to an XML External Entity XXE vulnerability in the Smart Device Server, which could allow an unauthenticated attacker to leak data or perform a Server-Side...
The vulnerability of the frame decoding function in the Netty network programming framework allows a hacker to trigger a service failure.
The vulnerability of the frame decoding function in the Netty network programming framework is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Acer Wireless Keyboard SK-9662 lies in the insufficient security of its data encryption. This allows a hacker to decode keyboard inputs or insert arbitrary keystrokes.
The vulnerability of the Acer Wireless Keyboard SK-9662 relates to insufficiently secure data encryption. Exploiting this vulnerability allows a malicious actor to decode keyboard inputs or insert arbitrary keystrokes remotely...
GHSA-7787-P7X6-FQ3J Candid infinite decoding loop through specially crafted payload
Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The proble...
Candid infinite decoding loop through specially crafted payload
Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The proble...
CVE-2023-6245
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
Design/Logic Flaw
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
CVE-2023-6245
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
CVE-2023-6245
The CVE-2023-6245 issue affects the Candid library used by Rust candid decoder. A specially crafted payload exploiting the data type empty can cause an infinite decoding loop, effectively triggering a Denial of Service as decoding runs until the execution round instruction limit is reached. Motok...
CVE-2023-6245 Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
CVE-2023-6245 Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
RUSTSEC-2023-0073 Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The problem with...
Google Pixel Buffer Error Vulnerability
Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel that stems from a heap buffer overflow in smsDecodeCodedTpMsg of smsPduCodec.c, which may result in out-of-bounds reads...
PT-2023-35617 · Git +1 · Opensc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read error. Technical details about the crash include the functions asn1 decode entry, asn1 decode, and s...