911 matches found
Design/Logic Flaw
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
CVE-2023-30798
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
UBUNTU-CVE-2023-30798
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
CVE-2023-30798
CVE-2023-30798 affects Starlette’s multipart handling via the python-multipart MultipartParser prior to 0.25.0. An unauthenticated remote attacker can exploit unlimited form fields/parts to trigger high memory usage and a denial-of-service of the HTTP service. Public documents confirm Encode Star...
PT-2023-35777 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 8 crash has been reported. The crash occurs in the dwg encode function, as indicated by the crash state. This issue is relate...
[SECURITY] Fedora 37 Update: ffmpeg-5.1.3-1.fc37
FFmpeg is a leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge. No matter if they were designed by some standards...
EasyNas 1.1.0 - OS Command Injection Exploit
Exploit Title: EasyNas 1.1.0 - OS Command Injection Exploit Author: Ivan Spiridonov email protected Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import requests import sys import...
EasyNas 1.1.0 Command Injection
Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...
DEBIAN-CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
UBUNTU-CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [X-Force 247595]
Summary Encode Starlette is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service. This bulletin provides patch information to...
PT-2023-35688 · Git +1 · Libavc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: isvce cabac flush, isvce cabac encode terminate, and...
Debian: Security Advisory (DLA-711-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5880-2 firefox regressions
USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...
OESA-2023-1117 apr security update
The mission of the Apache Portable Runtime APR project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of...
OESA-2023-1118 apr security update
The mission of the Apache Portable Runtime APR project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of...
GHSA-7G5F-WRX8-5CCF GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
Code injection
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
K44503763: libcurl vulnerability CVE-2016-8617
Security Advisory Description The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPTUSERNAME. CVE-2016-8617 Impact This vulnerability may allow an attacker to overwrite memory behind the...
PT-2023-19944 · Geotools · Geotools
Name of the Vulnerable Software and Affected Versions: GeoTools versions prior to 27.4 GeoTools versions prior to 28.2 Description: GeoTools is an open source Java library that provides tools for geospatial data. It includes support for OGC Filter expression language parsing, encoding and executi...