14 matches found
PT-2026-37568
In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUG ON with error handling for CNID count checks In a06ec283e125 next id, folder count, and file count in the super block info were expanded to 64 bits, and BUG ONs were added to detect overflow. This triggered an...
EUVD-2021-19909
Malware in sbrugna...
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5 a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
...
OESA-2024-1100 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in versions prior to Discourse 3.1.1 that stems from not enforcing file size or number file limits...
OESA-2023-1155 apache-commons-fileupload security update
The javax.servlet package lacks support for RFC-1867, HTML file upload. This package provides a simple to use API for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest. Securi...
GHSA-HFRX-6QGJ-FP6C Apache Commons FileUpload denial of service vulnerability
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
DEBIAN-CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
UBUNTU-CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Allocation of Resources Without Limits or Throttling
Overview std/archive/zip is a Go standard library package std/archive/zip Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the NewReader or OpenReader functions. An attacker can cause a panic or trigger an...
UBUNTU-CVE-2021-33196
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:2214-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2214-1 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers,...
SUSE-SU-2018:0552-1 Security update for SUSE Manager Server 3.1
This update fixes the following issues: nutch: - Fix hadoop log dir. bsc1061574 osad, rhnlib: - Fix update mechanism when updating the updateservice bsc1073619 pxe-default-image: - Spectre and Meltdown mitigation. CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, bsc1068032 spacecmd: - Support multipl...
http-sitemap-generator NSE Script
Spiders a web server and displays its directory structure along with number and types of files in each folder. Note that files listed as having an 'Other' extension are ones that have no extension or that are a root document. Script Arguments http-sitemap-generator.withindomain only spider URLs...