Linux Distros Unpatched Vulnerability : CVE-2026-54283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect adjustment of desc-count in the iozcrxrecvskb function, which could cause received data to exce...

EUVD-2025-10404

Malicious code in bioql PyPI...

EUVD-2023-28618

Malicious code in bioql PyPI...

On the Existence of Consistent Adversarial Attacks in High-Dimensional Linear Classification

What fundamentally distinguishes an adversarial attack from a misclassification due to limited model expressivity or finite data? In this work, we investigate this question in the setting of high-dimensional binary classification, where statistical effects due to limited data availability play a...

CVE-2023-21174

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2024-54677

A flaw was found in the "examples" web application of Apache Tomcat. Numerous examples within that application did not place limits on uploaded data. This vulnerability can potentially trigger an out-of-memory OOM error, leading to a denial of service...

SUSE CVE-2024-45395

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVE-2023-21174

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-21174

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-21174

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Design/Logic Flaw

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-21174

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

PT-2023-17963 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a permissions bypass in the isPageSearchEnabled function of BillingCycleSettings.java. This could allow a guest user to change data limits, potentially leading to local escalati...

PUB-A-235822222

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-24603

CVE-2023-24603 affects Open-Xchange OX App Suite prior to backend 7.10.6-rev37. The vulnerability stems from missing size-limits when downloading data, e.g., a crafted iCal feed could deliver unlimited data, potentially leading to information exposure and resource abuse. Public sources in the con...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.

...

UBUNTU-CVE-2021-46668

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

The vulnerability of the SProcRenderCompositeGlyphs function in the X Window System X.Org Server implementation allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the SProcRenderCompositeGlyphs function in the X Window System X.Org Server implementation is related to the execution of operations that exceed the permissible buffer data limits. Exploiting this vulnerability can allow attackers to access confidential data, compromise its...