1248 matches found
CVE-2023-37904 Discourse Race Condition in Accept Invite
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...
CLSA-2023-1689008977 cups: Fix of CVE-2023-34241
CVE-2023-34241: Fix use-after-free for CupsAcceptClient...
PT-2023-35896 · Unknown · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The issue is related to a security exception in the JavaParser library. A crash occurs due to a security exception, with the crash state involving the TreeVisitorValidator.accept and...
golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...
Governance NFT can be burned to DoS accept()
Lines of code Vulnerability details Impact accept can be DoS'd by burning governance NFTs. Authorities can effectively veto proposals. Proof of Concept The new lastBurnTimestamp reverts PartyGovernance.accept if lastBurnTimestamp == block.timestamp. lastBurnTimestamp is set in...
golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability...
gssntlmssp: incorrect free when decoding target information
A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. An incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that needs to...
gssntlmssp: multiple out-of-bounds read when decoding NTLM fields
A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads occur when decoding NTLM fields and can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of the consistency of t...
kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept.
In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctludpl3mdevaccept. While reading sysctludpl3mdevaccept, it can be changed concurrently. Thus, we need to add READONCE to its reader...
Command injection
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NSv4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations...
PT-2023-23556 · Edimax · Edimax Wireless Router N300
Name of the Vulnerable Software and Affected Versions: Edimax Wireless Router N300 Firmware BR-6428NS v4 Description: A Command Injection issue allows an attacker to execute arbitrary code via the formAccept function in "/bin/webs" without any limitations. Recommendations: For Edimax Wireless...
kernel: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctltcpfwmarkaccept. While reading sysctltcpfwmarkaccept, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: tipc: fix a null-ptr-deref in tipc_topsrv_accept
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipctopsrvaccept syzbot found a crash in tipctopsrvaccept: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f Workqueue: tipcrcv tipctopsrvaccept RIP: 0010:kernelaccept+0x22d/0x350...
PT-2025-8532 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists in the Linux kernel related to the sysctl tcp l3mdev accept variable. This issue occurs because the variable can be changed concurrently while being read, whic...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : WebKitGTK vulnerabilities (USN-6061-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6061-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...
python-django: Potential denial-of-service via Accept-Language headers
A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...
python-django: Potential denial-of-service via Accept-Language headers
A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent...
Debian DSA-5397-1 : wpewebkit - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5397 advisory. - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
USN-6053-1 php7.0 vulnerability
It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations...
Security fix for the ALT Linux 10 package python3-module-django version 3.2.18-alt1
3.2.18-alt1 built March 31, 2023 Alexey Shabalin in task 317508 March 24, 2023 Alexey Shabalin - New version 3.2.18. - Fixes for the following security vulnerabilities: + CVE-2023-23969 Potential denial-of-service via Accept-Language headers + CVE-2023-24580 Potential denial-of-service...