67 matches found
UBUNTU-CVE-2023-28119
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...
Crewjam Saml 安全漏洞
Crewjam Saml is a Go-based implementation of a codebase that interacts with Saml format files by the individual developers of Crewjam. A security vulnerability exists in Crewjam Saml versions prior to 0.4.13, which stems from not limiting the size of input to flate.NewReader...
PT-2023-21576 · Saml +1 · Saml +1
Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.13 Description: The issue arises from the package's use of flate.NewReader without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
Discourse 资源管理错误漏洞
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A resource management error vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and test-passed, which stems from a large amount of data floodin...
DEBIAN-CVE-2016-7421
The pvscsiringpopreqdescr function in hw/scsi/vmwpvscsi.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit process IO loop to the ring size...
Microsoft Internet Explorer 6 - String To Binary Function Denial of Service
source: https://www.securityfocus.com/bid/19102/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input. Remote attackers can exploit this issue to crash the application, causing a denial-of-service...