12 matches found
CVE-2024-40990
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute. max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...
CVE-2024-40990
The CVE-2024-40990 issue is a Linux kernel vulnerability in RDMA/mlx5 where the srq max_sge attribute, supplied by users, was inserted/used without proper bounds checks. The fix adds verification against the maximum allowed value before use, addressing potential overflow/abuse locally. Applicable...
CVE-2021-47347
In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan. Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size...
CVE-2021-47347 wl1251: Fix possible buffer overflow in wl1251_cmd_scan
In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan. Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size...
Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)
The version of Curl installed on the remote host is between 7.44.0 and prior to 8.7.0. It is, therefore, affected by a memory-leak vulnerability. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed...
opcua Vulnerable to Out-of-bounds Write
The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...
Cross site request forgery (csrf)
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in email protected...
CVE-2020-35590
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
Error: "Login exceeds maximum allowed users" on NetScaler Gateway
Users get the following error message when they try to log on through NetScaler Gateway: "Login exceeds maximum allowed users". Usually this issue appears after a firmware upgrade from NetScaler Gateway 9.x to NetScaler Gateway 10.5 and Universal Gateway License is allocated...
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1418 Windows Defender: Controlled Folder Bypass through UNC Path Platform: Windows 10 1709 + Antimalware client version 4.12.16299.15 Class: Security Feature...
Surebackup Error “OS did not boot in the allotted time”
Challenge: A VM being started by SureBackup fails with the error: "OS did not boot in the allotted time". Cause: This error occurs when the VM being powered on by the SureBackup job fails to become stable within the "Maximum allowed boot time" specified in the Application Group settings or the Linked...
SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 5627)
Due to a faulty signal handler, repeated login attempts could exhaust the maximum allowed connections and prevent further logins (CVE-2008-4109). A problem where utmp entries were not deleted when users logged out was also fixed.