16 matches found
EUVD-2015-1586
Malware in sbrugna...
CVE-2019-20882
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team...
narayana: deadlock via multiple join requests sent to LRA Coordinator
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...
narayana: deadlock via multiple join requests sent to LRA Coordinator
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...
mptcp: pm: only decrement add_addr_accepted for MPJ req
...
AZL-49197 CVE-2024-45009 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req. Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single...
DEBIAN-CVE-2024-45009
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req. Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single...
GHSA-JV65-PF7V-F7P8 Deserialization of Untrusted Data in Hazelcast
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
Matrix Synapse License Issue Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that a malicious or poorly implemented host server can inject malformed events by specifying different room ids in the pa...
CVE-2019-20882
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team...
CVE-2019-20882
Mattermost Server before 5.8.0 does not honor the domain requirement when processing a join request for an open/public team. Root cause: domain validation in the join flow is insufficient, enabling potential unauthorized joining of public teams (exploit described in CNVD/DOCs). Affected version r...
CVE-2015-1451
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request...
CVE-2015-1451
CVE-2015-1451 refers to multiple XSS vulnerabilities in Fortinet FortiOS 5.0 Patch 7 (build 4457) affecting the CAPWAP server. The issue allows remote authenticated users to inject arbitrary web script or HTML via the WTP Name or WTP Active Software Version fields in a CAPWAP Join request. Affect...
CVE-2009-2548
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a joi...