629 matches found

Cvelist
added 2023/10/09 1:13 p.m. · 42 views

CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...

6.3 CVSS · 6.7 AI score · 0.00511 EPSS
Exploits: 0 · References: 3

CVE
added 2023/10/09 1:13 p.m. · 90 views

CVE-2023-25822

CVE-2023-25822 affects ReportPortal. Before version 5.10.0 of com.epam.reportportal:service-api (ReportPortal 23.2), the database can become unstable and reporting can largely halt when test_item.path exceeds the ltree indexing limit (path length ≥ 120, due to recursive nesting). The issue is add...

6.5 CVSS · 6.2 AI score · 0.00511 EPSS
Exploits: 0 · References: 3 · Affected Software: 2

Malwarebytes
added 2023/09/12 2:45 p.m. · 21 views

Ransomware review: September 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

7 AI score
Exploits: 0

SUSE CVE
added 2023/09/09 2:13 a.m. · 3 views

SUSE CVE-2023-4807

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8 CVSS · 8.5 AI score · 0.00862 EPSS
Exploits: 0 · References: 3

OSV
added 2023/09/08 12:15 p.m. · 5 views

AZL-78585 CVE-2023-4807 affecting package openssl-fips-provider 3.1.2-1

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8 CVSS · 6.8 AI score · 0.00862 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2023/09/05 12:00 a.m. · 4 views

The vulnerability of the r592_remove function in the R592 device driver of the Linux operating system can be exploited by attackers to cause system failures or other unpredictable behaviors.

The vulnerability of function r592_remove in the R592 device driver of the Linux operating system is related to the detection of race conditions. Exploiting this vulnerability may allow an attacker to cause problems with the device’s functionality after it is released, which could lead to system...

6.4 CVSS · 6.8 AI score
Exploits: 0 · References: 5 · Affected Software: 3

Positive Technologies
added 2023/09/04 12:00 a.m. · 4 views

PT-2023-18327 · Unknown · Core Platform

Name of the Vulnerable Software and Affected Versions: Core Platform affected versions not specified Description: The issue is related to memory corruption in the Core Platform when printing the response buffer in the log. This corruption occurs during the logging process, potentially leading to...

7.8 CVSS · 7.3 AI score · 0.0011 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2023/07/25 12:00 a.m. · 13 views

Cisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service (CVE-2021-1229)

A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an...

5.8 CVSS · 6.6 AI score · 0.01375 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2023/07/25 12:00 a.m. · 18 views

Cisco Nexus 9000 Series Switches Reserved VLAN Number (CVE-2015-6295)

Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. This plugin only works with...

4.8 CVSS · 5.6 AI score · 0.0078 EPSS
Exploits: 0 · References: 3

Code423n4
added 2023/07/05 12:00 a.m. · 11 views

The code uses arithmetic operations without explicitly checking for possible overflows or underflows

Lines of code Vulnerability details Impact The impact of the Integer Overflow/Underflow vulnerability can be summarized as follows: Data Inaccuracy: The vulnerability can lead to incorrect calculations and inaccurate data, potentially compromising the integrity of voting processes and other...

7.3 AI score
Exploits: 0

Code423n4
added 2023/06/09 12:00 a.m. · 9 views

Bug on e handling of excess ETH deposits

Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...

6.8 AI score
Exploits: 0

RedHat Linux
added 2023/05/16 8:56 a.m. · 6 views

kernel: RDMA/irdma: Cap MSIX used to online CPUs + 1

A bounds checking flaw was found in the Intel RDMA irdma driver in the Linux kernel. The driver may request more MSIX vectors than online CPUs allow, then attempt to set CPU affinity hints with an invalid CPU mask. This triggers kernel warnings and could cause instability...

5.8 AI score · 0.00156 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2023/05/09 10:04 a.m. · 0 views

kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()

A flaw was found in the Linux kernel's ASoC da7219 audio codec driver. An error handling path in da7219_register_dai_clks() incorrectly attempts to unregister a clock that was never successfully registered. This could lead to incorrect resource cleanup during driver probe failure, potentially causing...

5.9 AI score · 0.00168 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2023/05/09 10:04 a.m. · 1 view

kernel: icmp: Fix data-races around sysctl.

A flaw was found in the Linux kernel's ICMP protocol. A race condition can occur when reading the ICMP sysctl variables due to a missing lock, potentially impacting system stability and resulting in a denial of service...

4.7 CVSS · 6.6 AI score · 0.00165 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2023/05/09 12:00 a.m. · 9 views

PT-2025-25885 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the openvswitch component. The issue occurs when the ovs_dp_cmd_new function fails during datapath creation...

8.8 CVSS · 7.5 AI score · 0.03763 EPSS
Exploits: 18 · References: 555

CNVD
added 2023/03/16 12:00 a.m. · 33 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67111)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized creation, deletion, or modification access to critical data or all MySQL Server-accessible data, as well as cau...

5.9 CVSS · 6.5 AI score · 0.01471 EPSS
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 4:20 a.m. · 4 views

SUSE CVE-2018-1000155

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...

9.8 CVSS · 6.8 AI score · 0.01209 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:03 a.m. · 1 view

SUSE CVE-2020-3350

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...

6.3 CVSS · 9.3 AI score · 0.00264 EPSS
Exploits: 0 · References: 10

SUSE CVE
added 2023/02/15 3:42 a.m. · 1 view

SUSE CVE-2021-29962

Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 89...

4.3 CVSS · 8.5 AI score · 0.00745 EPSS
Exploits: 0 · References: 4

GithubExploit
added 2023/01/19 8:36 p.m. · 604 views

Exploit for Race Condition in Apple Ipados

CVE-2022-42864: Diabolical Cookies What is this repo? This...

7 CVSS · 6.8 AI score · 0.00856 EPSS
Exploits: 1