1362 matches found
kernel: net/sched: sch_fq: fix integer overflow of "credit"
An integer overflow flaw was found in the Linux kernel network fair-queueing scheduler in the way the initial per-flow credit is set. If a configuration provides an excessively large initial quantum, the credit value can overflow to a negative number, leading to excessive scheduling and soft...
Upgraded Q -> 2 from #175 [1699029356616]
Judge has assessed an item in Issue 175 as 2 risk. The relevant finding follows: L-02: Initial values for GovernorSettings are very low. ODGovernor is an OZ Governor with some plugins. It sets up its parameters in the constructor: ODGovernor::constructor: File: src/contracts/gov/ODGovernor.sol 41:...
Design/Logic Flaw
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
PT-2023-29928
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2023.8.4 and 2023.10.2. Description: authentik is an open-source Identity Provider. When the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin use...
ROS-20231030-05
The Apache HTTP Server vulnerability is related to blocking of HTTP/2 connection processing if the connection was opened with an initial sliding window size of 0. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of servic...
In for a penny, in for ten quadrillion dollars
Lines of code. Vulnerability details. Impact: StakedUSDeV2 can be bricked for a penny. Proof of concept: The checkMinShares requirement called after any deposit and withdrawal function checkMinShares internal view uint256 totalSupply = totalSupply; if totalSupply 0 && totalSupply MINSHARES revert...
The vulnerability of the Apache HTTP Server web server, related to blocking HTTP/2 connection processing, allows an attacker to cause a service failure.
The vulnerability of the Apache HTTP Server is related to the blocking of HTTP/2 connection processing, if the initial window size is set to 0. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
AZL-43639 CVE-2023-43622 affecting package mod_http2 1.15.14-2
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
AZL-44955 CVE-2023-43622 affecting package mod_http2 for versions less than 2.0.29-3
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
...
CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
Apache httpd -- Multiple vulnerabilities
The Apache httpd project reports: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST; CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0; CVE-2023-31122: mod_macro buffer over-read...
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
SUMMARY: The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently...
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
When you have transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. Let's say if a token is sent via variables, the following reques...
CVE-2020-27213
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...
CVE-2020-27636
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random...
CVE-2020-27634
In Contiki 4.5, TCP ISNs are improperly random...