python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

EUVD-2018-0696

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-10051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata 4.1.3. If the function filetrackernewchunk encounters an unsafe Somesfcm = ft.newchunk item, then the program enters an...

CVE-2025-4600

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...

SUSE CVE-2016-10087

The pngsettext2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and...

SUSE CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

OESA-2021-1423 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Critical severity vulnerability that affects org.eclipse.jetty:jetty-server

In Eclipse Jetty, versions 9.2.x and older, 9.3.x, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined...

CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...

DEBIAN-CVE-2018-5803

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash...

CVE-2007-5267

Off-by-one error in ICC profile chunk handling in the pngsetiCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service crash via a crafted PNG image, due to an incorrect fix for CVE-2007-5266...

FreeBSD : png -- multiple vulnerabilities (172acf78-780c-11dc-b3f4-0016179b2dd5)

A Secunia Advisory reports : Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS Denial of Service. Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency...

png -- multiple vulnerabilities

A Secunia Advisory reports: Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS Denial of Service. Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency...

Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability

CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability Original release date: June 17, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Web servers based on Apache code versions 1.3 through 1.3.24 Web servers...