GO-2024-2687 HTTP/2 CONTINUATION flood in net/http

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

go -- http2: close connections when receiving too many headers

The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...

Input validation

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

CVE-2024-24560 Vyper external calls can overflow return data to return input buffer

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 overlapping with the input buffer. When checking RETURNDATASIZE for dynamic...

The vulnerability of the WebITR time tracking system, which stems from the use of rigidly encoded tracking data, allows a perpetrator to elevate their privileges to the level of an administrator.

The vulnerability of the WebITR time tracking system lies in the use of rigidly encoded tracking data. Exploiting this vulnerability could allow a malicious actor to elevate their privileges to the level of an administrator...

Fedora 38 : perl-CryptX (2023-b4b9b38f23)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b4b9b38f23 advisory. Update to 0.080 Fix CVE-2019-17362 in bundled libtomcrypt Tenable has extracted the preceding description block directly from the Fedora security advisory...

Vapor vulnerable to denial of service in URLEncodedFormDecoder

Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder. Impact When using automatic content decoding, e.g. swift app.post"foo" request - String in let foo = try request.content.decodeFoo.self return "\foo" An...

SUSE CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

Denial of Service (DoS)

Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service DoS. A bug in the Data.initbase32Encoded: function opens up the potential for exposing server memory and/or crashing the server Denial of Service for applicatio...

Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

The plugin does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues Make a logged in admin open a page...

Agile Point SQL注入漏洞

Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...

CVE-2022-30619

Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the...

In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

...

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

EulerOS 2.0 SP2 : libksba (EulerOS-SA-2021-1317)

According to the versions of the libksba package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The appendutf8value function in the DN decoder dn.c in Libksba before 1.3.3 allows remote attackers to cause a denial of service out-of-bounds...

Denial of Service in Cryptacular

CiphertextHeader.java in Cryptacular before 1.2.4, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

CVE-2020-7226

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

CVE-2020-7226

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

Updated libtomcrypt packages fix security vulnerability

Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data CVE-2019-17362...

SUSE SLED12 Security Update : libtomcrypt (SUSE-SU-2019:3095-1)

This update for libtomcrypt fixes the following issues : CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data bsc1153433. Note that Tenable Network Security has extracted the preceding description...