61 matches found
django: potential denial-of-service vulnerability in IPv6 validation
A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions cleanipv6address and isvalidipv6address were vulnerable, as was the...
PT-2025-8660 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A signed integer overflow issue has been identified in the Linux kernel, specifically in the ipv6 component, related to the l2tp ip6 sendmsg function. This occurs when the length len i...
CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...
UBUNTU-CVE-2024-53685
In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATHMAX If the full path to be built by cephmdscbuildpath happens to be longer than PATHMAX, then this function will enter an endless retry loop, effectively blocking the whole task. Most of the...
CVE-2022-48806 eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2CSMBUSBLOCKMAX Commit effa453168a7 "i2c: i801: Don't silently correct invalid transfer size" revealed that ee1004eepromread did not properly limit how many bytes to read at once. In particular...
Gas Cost Vulnerability
Lines of code Vulnerability details The fuse function iterates through the provided characterList to check for duplicate characters and validate the trays. If the length of characterList is too high, the gas cost for executing the fuse function will also be high, potentially reaching the block ga...
SUSE CVE-2016-7944
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INTMAX, which triggers the client to stop reading data and get out of sync...
ALPINE-CVE-2021-43303
Buffer overflow in PJSUA API when calling pjsuacalldump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied...
DEBIAN-CVE-2021-43303
Buffer overflow in PJSUA API when calling pjsuacalldump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied...
CVE-2021-41531
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation...
PT-2022-20313 · Lighttpd +1 · Lighttpd +1
Name of the Vulnerable Software and Affected Versions: Lighttpd versions 1.4.56 through 1.4.58 Description: The issue allows a remote attacker to cause a denial of service due to CPU consumption from stuck connections. This is because a typo in the connection read header more function in...
CVE-2019-1969
A vulnerability in the implementation of the Simple Network Management Protocol SNMP Access Control List ACL feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The...
Mixmax: no string size restriction on team name
To limit unintended effects across our UI and infrastructure, we put a maximum length on team names...
Weblate: Specify maximal length in new comment
Hi, I tried to put this new comment in a translation and I got error. Message: asjdk jsahd jkhsahdk jashkdsakdj asjdk jsahd jkhsahdk jashkdsakdj asjdk jsahd jkhsahdk jashkdsakdj asjdk jsahd jkhsahdk jashkdsakdj asjdk jsahd jkhsahdk jashkdsakdj asjdk jsahd jkhsahdk jashkdsakdj asjdk jsahd jkhsahdk...
UBUNTU-CVE-2016-7944
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INTMAX, which triggers the client to stop reading data and get out of sync...
tso-brute NSE Script
TSO account brute forcer. This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP. TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, , $. - it cannot be longer than 7 chars Script Arguments...
Fedora 23 : php-symfony (2016-f36247d441)
Version 2.7.13 2016-05-09 - security 18733 limited the maximum length of a submitted username fabpot - bug 18730 FrameworkBundle prevent calling get for servicecontainer service xabbuh - bug 18709 DependencyInjection top-level anonymous services must be public xabbuh - bug 18692 add Event...
Fedora 24 : php-symfony (2016-224edc14dd)
Version 2.7.13 2016-05-09 - security 18733 limited the maximum length of a submitted username fabpot - bug 18730 FrameworkBundle prevent calling get for servicecontainer service xabbuh - bug 18709 DependencyInjection top-level anonymous services must be public xabbuh - bug 18692 add Event...
CVE-2013-5750: Security issue in FOSUserBundle login form
Django recently released a new version of their framework to address a possible DOS attack when an attacker uses a very long password on a login form. One of the best practices for passwords is to store a hash of the password instead of the raw value. In Symfony, the encoders are responsible for...
CVE-2010-1849
The mynetskiprest function in sql/netserv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service CPU and bandwidth consumption by sending a large number of packets that exceed the maximum length...