2746 matches found

OSV
added 2023/12/20 9:12 p.m. · 15 views

GHSA-3PJV-R7W4-2CF5 Grails data binding causes JVM crash and/or other denial of service

Impact: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. Patches: Patches are available for Grails 3 and later. Workarounds: No workaround is possible except to avoid data binding to request data...

CVSS 6.5 · AI score 5.9 · EPSS 0.00722
Exploits: 0 · References: 7
Github Security Blog
added 2023/12/20 9:12 p.m. · 19 views

Grails data binding causes JVM crash and/or other denial of service

Impact: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. Patches: Patches are available for Grails 3 and later. Workarounds: No workaround is possible except to avoid data binding to request data...

CVSS 7.5 · AI score 6.5 · EPSS 0.00722
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2023/12/20 12:00 a.m. · 6 views

PT-2023-29864 · Grails · Grails

Name of the Vulnerable Software and Affected Versions: Grails versions prior to 3.3.17; Grails versions prior to 4.1.3; Grails versions prior to 5.3.4; Grails versions prior to 6.1.0. Description: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework...

CVSS 7.5 · AI score 7.4 · EPSS 0.00722
Exploits: 0 · References: 12
Amazon
added 2023/12/04 12:00 a.m. · 3 views

Important: kernel-livepatch-5.10.192-183.736

Issue Overview: An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compone...

CVSS 7.8 · AI score 6.8 · EPSS 0.00544
Exploits: 0
CNVD
added 2023/12/04 12:00 a.m. · 11 views

Neusoft Corporation Internet Hospital Application Has Logic Flaw Vulnerability

Neusoft Group is an industry-leading global information technology, product and solutions company. A logic flaw vulnerability exists in Neusoft Group Corporation's Internet Hospital application, which can be exploited by attackers to bind other people's information to build a card, resulting in t...

AI score 6.7
Exploits: 0
Ubuntu
added 2023/11/20 4:04 p.m. · 32 views

USN-6489-1: Tang vulnerability

Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys...

CVSS 5.3 · AI score 5.6 · EPSS 0.00568
Exploits: 1
Ubuntu
added 2023/11/14 10:15 p.m. · 65 views

USN-6479-1: Linux kernel (OEM) vulnerabilities

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-42756) Alex Birnberg discovered that the netfilter subsystem in the Linux...

CVSS 7.8 · AI score 6.8 · EPSS 0.00396
Exploits: 2
OSV
added 2023/10/31 6:15 p.m. · 1 view

CVE-2023-45955

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands...

CVSS 7.5 · AI score 5.8 · EPSS 0.00593
Exploits: 0 · References: 1
ATTACKERKB
added 2023/10/31 6:15 p.m. · 4 views

CVE-2023-45955

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands...

CVSS 7.5 · AI score 5.8 · EPSS 0.00593
Exploits: 0 · References: 2
SUSE CVE
added 2023/10/31 2:27 a.m. · 1 view

SUSE CVE-2021-3480

A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 6.7 · EPSS 0.01669
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/31 12:00 a.m. · 2 views

PT-2023-29772 · Nanoleaf · Nanoleaf Light Strip

Name of the Vulnerable Software and Affected Versions: Nanoleaf Light strip version 3.5.10 Description: An issue discovered in the Nanoleaf Light strip allows attackers to cause a denial of service via crafted write binding attribute commands. Recommendations: For version 3.5.10, consider disabli...

CVSS 7.5 · AI score 7.3 · EPSS 0.00593
Exploits: 0 · References: 6
Positive Technologies
added 2023/10/27 12:00 a.m. · 5 views

PT-2023-27283 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a logic error in the code of CallRedirectionProcessor.java, specifically in the onBindingDied method. This error can lead to a permission bypass, resulting in...

CVSS 7.8 · AI score 7.3 · EPSS 0.00112
Exploits: 0 · References: 7
OSV
added 2023/10/24 4:45 p.m. · 19 views

GO-2023-2114 Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context durin...

CVSS 7.1 · AI score 6 · EPSS 0.00434
Exploits: 0 · References: 2
Github Security Blog
added 2023/10/17 2:20 p.m. · 22 views

Cross-site Scripting via missing Binding syntax validation

Impact: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP contex...

CVSS 7.1 · AI score 6 · EPSS 0.00434
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/10/17 2:20 p.m. · 16 views

GHSA-267V-3V32-G6Q5 Cross-site Scripting via missing Binding syntax validation

Impact: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP contex...

CVSS 7.1 · AI score 6 · EPSS 0.00434
Exploits: 0 · References: 4
Vulnrichment
added 2023/10/16 6:13 p.m. · 14 views

CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml

github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the...

CVSS 7.1 · AI score 6.2 · EPSS 0.00434
Exploits: 0 · References: 2
Cvelist
added 2023/10/16 6:13 p.m. · 33 views

CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml

github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the...

CVSS 7.1 · AI score 6.8 · EPSS 0.00434
Exploits: 0 · References: 2
Rockylinux
added 2023/10/14 2:08 a.m. · 58 views

nodejs security and bug fix update

An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for building fast and scalable...

CVSS 9.8 · AI score 6.8 · EPSS 0.01484
Exploits: 1
RedHat Linux
added 2023/10/09 2:04 p.m. · 5 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits: 1 · References: 5
RedHat Linux
added 2023/10/09 10:29 a.m. · 1 view

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits: 1 · References: 5