14 matches found
GHSA-8RWR-F68V-CVW6 NocoDB: Attachment Size Limit Bypass via Upload-by-URL
Summary: The upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details: The attachments service now checks...
GHSA-99VC-2JX2-688P NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
Summary: The uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or against the response stream. An authenticated user (Editor+) could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...
PT-2026-42679
Name of the Vulnerable Software and Affected Versions: NocoDB (affected versions not specified) Description: An issue exists where the upload-by-URL path fails to enforce the NC_ATTACHMENT_FIELD_SIZE limit against the remote file's advertised Content-Length or the decoded length of a data: URI. This...
PT-2026-31953
Summary: The Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries ...
EUVD-2007-4225
Malware in sbrugna...
CVE-2009-5130
The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size...
BIT-COSIGN-2024-29902 Cosign vulnerable to system-wide denial of service via malicious attachments
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...
CVE-2024-29902
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...
PT-2024-20593 · Nginx +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed version Description: The issue affects Discourse, an open source platform for community discussion, due to the lack of a rate limit on the "POST /uploads" endpoint. This mak...
Unable to Open Attachment in SecureMail More Than Certain Size
When attempting to open an attachment in Secure Mail which is greater than 'x' MB, it fails to open. The following error appears: "Sorry. There was a problem downloading this file". Example: an attachment of 10 MB or greater fails to open. However, an attachment of 9 MB or smaller opens without any is...
DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy
I have details about the DOS issue on my blog with links to the Astaro forums. http://www.hescominsoon.com/archives/773 Version affected: ALL Version 7 systems. This is easily reproducible. Just set up a BT client behind the Astaro and do not set up a packetfilter and NAT rule for the BT traffic...