15 matches found
EUVD-2006-4777
Malware in sbrugna...
AZL-39514 CVE-2023-45288 affecting package telegraf for versions less than 1.29.4-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
Medium: golang
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
UBUNTU-CVE-2023-39326
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...
Buffer Overflows
The kernel is vulnerable to denial of service (DoS) attacks. The way a user sends RPC over TCP with excess data appended to the end of the message may allow a remote attacker to starve resources, causing a denial of service...
CVE-2022-31226
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system...
QNAP NAS Information Disclosure Vulnerability
QNAP NAS is an accessible and fast storage solution from China Weilian Technology QNAP. QNAP NAS suffers from an information disclosure vulnerability that originates from an application exporting too much data. A remote attacker could exploit this vulnerability to gain unauthorized access to...
Object Computing OpenDDS Input Validation Error Vulnerability
Object Computing OpenDDS is an open source middleware framework for C++ and Java applications from Object Computing, Inc. An input validation error vulnerability exists in Object Computing OpenDDS, which arises from the product's failure to effectively handle unnecessary data. An attacker could...
CVE-2018-16150
In sig_verify in x509.c in axTLS version 2.1.3 and before, the PKCS1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509...
CVE-2018-16150
In axTLS 2.1.3 and earlier, the PKCS#1 v1.5 signature verification in sig_verify() fails to reject excess data after the hash, enabling signature forgery when small public exponents are used. This can lead to impersonation via forged X.509 certificates. This CVE-2018-16150 is a variant of CVE-200...
CVE-2018-16151
In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
Design/Logic Flaw
In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...
CVE-2018-16151
In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
CVE-2018-16151
In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
CVE-2018-16152
In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...