13 matches found
openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator
A flaw was found in the IPMI simulator ipmisim component of OpenIPMI. Due to a missing check in the authorization type on incoming LAN messages, an attacker may be able to trigger a denial of service...
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: 1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. 2. If an...
CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: If an...
PT-2023-12817 · Qualcomm · 9205 Lte Modem Firmware +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue is related to memory corruption in a modem, caused by improper input validation when handling incoming CoAP messages. Recommendations: At the moment, there is no information...
Microsoft Windows TCP/IP component 资源管理错误漏洞
Microsoft Windows TCP/IP component is a component of Microsoft Corporation USA that provides TCP/IP configuration functionality for Windows.A denial of service vulnerability exists in Microsoft Windows TCP/IP, which stems from a failure to properly handle incoming error messages. An attacker coul...
Microsoft Visual Studio和Microsoft .NET 输入验证错误漏洞
Microsoft Visual Studio is a family of development tool suites and a fundamentally complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft .NET is a software framework dedicated to agile software development, rapid application development,...
CVE-2019-9749
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker server, it mishandles incoming network messages. After processing a crafted packet, the plugin's mqttpacketdrop function in /plugins/inmqtt/mqttprot.c executes the memmove functio...
CVE-2015-9192
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD...
Facebook Proposes Eliminating User Voting System for Privacy Changes
Facebook today announced plans to eliminate its voting system that gave users a say in how their privacy is handled. In a statement issued Wednesday, Elliot Schrage, Vice President, Communications, Public Policy and Marketing for the Menlo Park, Calif.-based social media company, said the voting...
SuSE 10 Security Update : finch, libpurple, and pidgin (ZYPP Patch Number 8131)
Various remote triggerable crashes in pidgin have been fixed : - In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text . CVE-2012-1178 - Incoming messages wi...
Siemens Tecnomatix FactoryLink SCADA VRN Server Multiple Buffer Overflows
Multiple buffer overflow vulnerabilities have been reported in Siemens Tecnomatix FactoryLink VRN Server SCADA system. The vulnerabilities are due to a boundary error in the application's VRN Server, which occurs while handling incoming message requests. A remote attacker could leverage these...
USN-902-1: Pidgin vulnerabilities
Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. CVE-2010-0277 Sadrul Habib Chowdhury discovered that...
security flaw
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an incoming message...