
33 matches found

RedhatCVE
added 2025/05/23 1:15 a.m. · 3 views

CVE-2022-29700

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification...

CVSS 7.5 · AI score 7 · EPSS 0.00391
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 11:54 p.m. · 6 views

CVE-2022-23435

decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.00334
Exploits: 0 · References: 1

Debian CVE
added 2024/05/21 2:35 p.m. · 20 views

CVE-2021-47347

In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan. Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size...

CVSS 8.8 · AI score 7.2 · EPSS 0.00144
Exploits: 0

Positive Technologies
added 2024/02/29 12:0 a.m. · 1 views

PT-2024-2031 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9
Description: The issue is related to uncontrolled resource consumption. An attacker can exploit this by setting a custom user status with an emoji value as a very long string, causing high resource...

CVSS 6.5 · AI score 7.1 · EPSS 0.00404
Exploits: 0 · References: 14

Positive Technologies
added 2023/09/14 12:0 a.m. · 1 views

PT-2023-25662 · Opswat · Opswat Metadefender Kiosk

Name of the Vulnerable Software and Affected Versions: OPSWAT MetaDefender KIOSK version 4.6.1.9996
Description: An issue was discovered in OPSWAT MetaDefender KIOSK where long inputs were not properly processed, allowing remote attackers to cause a denial of service, resulting in a loss of...

CVSS 9.8 · AI score 9.3 · EPSS 0.01937
Exploits: 0 · References: 5

Hacker One
added 2023/01/03 8:44 a.m. · 117 views

Nextcloud: No password length restriction in reset password endpoint

There was no password length restriction in the reset password endpoint of the Nextcloud platform, which could allow an attacker to perform a denial of service attack by entering a large number of characters as a password. The vulnerability has been mitigated by restricting users to use less than...

CVSS 6.5 · AI score 6.5 · EPSS 0.00555
Exploits: 1

OSV
added 2022/10/27 8:9 a.m. · 6 views

SUSE-SU-2022:3793-1 Security update for netty

This update for netty fixes the following issues:
- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)
- CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)
- CVE-2021-37136: Bzip2Decoder doesn't...

CVSS 7.5 · AI score 6.9 · EPSS 0.04327
Exploits: 1 · References: 9

Positive Technologies
added 2022/09/29 12:0 a.m. · 1 views

PT-2022-21794 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a3
Description: The issue is related to the allocation of resources without limits or throttling, allowing users to insert an email longer than 255 characters. If a user signs up with an excessively long email...

CVSS 7.5 · AI score 5.3 · EPSS 0.00334
Exploits: 1 · References: 9

Hacker One
added 2022/07/15 5:47 p.m. · 7 views

MTN Group: String length restriction bypass at https://callerfeel.mtnonline.com/profile/feedback.html

Summary: Hi, hope you are well. I found that the attacker can bypass the length restriction of user name at the feedback form. Steps To Reproduce: F1823237 Impact: Attacker can make the receiver page to delay and can cause application level DoS. Mitigation: Restrict the length of the string in...

Exploits: 0

NVD
added 2022/04/27 3:15 a.m. · 10 views

CVE-2022-29700

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification...

CVSS 7.5 · EPSS 0.00391
Exploits: 0 · References: 1

Prion
added 2022/04/27 3:15 a.m. · 12 views

Default credentials

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification...

CVSS 5 · AI score 7.6 · EPSS 0.00391
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/04/27 2:47 a.m. · 65 views

CVE-2022-29700

CVE-2022-29700 affects Zammad v5.1.0; a lack of password length restriction allows creation of extremely long passwords, which can cause a Denial of Service during password verification. Connected sources describe the condition and impact but do not provide concrete exploit details, affected patc...

CVSS 7.5 · AI score 7.6 · EPSS 0.00391
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/04/27 2:47 a.m. · 11 views

CVE-2022-29700

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification...

AI score 7.8 · EPSS 0.00391
Exploits: 0 · References: 1

Github Security Blog
added 2021/05/28 7:19 p.m. · 96 views

ReDoS in Sec-Websocket-Protocol header

Impact: A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept (js): for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) { const value = 'b' + ' '.repeat(length) + 'x'; const start = process.hrtime.bigint(); value.trim().split(/...

CVSS 5.3 · AI score 2.2 · EPSS 0.01154
Exploits: 1 · References: 7 · Affected Software: 1

Prion
added 2021/05/06 1:15 p.m. · 23 views

Integer overflow

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction...

CVSS 7.5 · AI score 9.7 · EPSS 0.26587
Exploits: 1 · References: 3 · Affected Software: 1

Veracode
added 2021/05/06 12:15 p.m. · 30 views

Arbitrary Code Execution

exim4 is vulnerable to arbitrary code execution. An integer overflow allows an attacker to execute arbitrary code on the host OS by leveraging on the mishandling of continuation lines during header-length restriction...

CVSS 9.8 · AI score 4.3 · EPSS 0.26587
Exploits: 1 · References: 5 · Affected Software: 3

Cvelist
added 2021/05/06 4:10 a.m. · 18 views

CVE-2020-28020

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction...

AI score 9.7 · EPSS 0.26587
Exploits: 1 · References: 3

AlpineLinux
added 2021/05/06 4:10 a.m. · 46 views

CVE-2020-28020

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction...

CVSS 9.8 · AI score 8.4 · EPSS 0.26587
Exploits: 1 · References: 3

Debian CVE
added 2021/05/06 4:10 a.m. · 34 views

CVE-2020-28020

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction...

CVSS 9.8 · AI score 8.6 · EPSS 0.26587
Exploits: 1

EUVD
added 2021/05/06 4:10 a.m. · 1 views

EUVD-2020-20511

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction...

CVSS 9.8 · AI score 8.3 · EPSS 0.26587
Exploits: 1 · References: 6