
24 matches found

OSV
added 2026/02/28 2:1 a.m., 0 views

GHSA-72HV-8253-57QQ jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Summary: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...

6.9 CVSS, 5.9 AI score
Exploits 0, References 4
UbuntuCve
added 2024/07/29 6:15 p.m., 13 views

CVE-2024-42092

In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs. Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs...

7.8 CVSS, 6.3 AI score, 0.00027 EPSS
Exploits 0, References 32
OSV
added 2024/05/21 3:15 p.m., 16 views

CVE-2021-47286

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...

7.8 CVSS, 4.6 AI score
Exploits 0, References 3
Prion
added 2024/02/27 7:15 a.m., 16 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled. The debugging code for kmap_local doubles the number of per-CPU fixmap slots allocated for kmap_local, in order to use half of them as guard regions. This...

7.1 AI score, 0.00035 EPSS
Exploits 0, References 2
UbuntuCve
added 2024/02/27 7:15 a.m., 27 views

CVE-2021-46910

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled. The debugging code for kmap_local doubles the number of per-CPU fixmap slots allocated for kmap_local, in order to use half of them as guard regions. This...

5.5 CVSS, 5.8 AI score, 0.00035 EPSS
Exploits 0, References 4
Cvelist
added 2024/02/27 6:53 a.m., 18 views

CVE-2021-46910 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled. The debugging code for kmap_local doubles the number of per-CPU fixmap slots allocated for kmap_local, in order to use half of them as guard regions. This...

5.5 AI score, 0.00035 EPSS
Exploits 0, References 2
Tenable Nessus
added 2023/04/11 12:0 a.m., 15 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2023-0028)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability: - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is use...

8.1 CVSS, 7.5 AI score, 0.00509 EPSS
Exploits 0, References 3
OSV
added 2021/05/31 3:39 p.m., 10 views

UVI-2021-1000019 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

7.2 AI score
Exploits 0
OSV
added 2021/05/31 3:39 p.m., 10 views

GSD-2021-1000019 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

7.2 AI score
Exploits 0
OpenVAS
added 2020/11/20 12:0 a.m., 6 views

GaussDB Kernel: Setting the Maximum Number of Concurrent Connections to the Database

max_connections specifies the maximum concurrent connections to the database. Increasing the value of this parameter may cause GaussDB Kernel to request System V to share more memory or semaphore. If this occurs, the shared memory or semaphore will exceed the default value allowed by the OS. When...

7.2 AI score
Exploits 0
OpenVAS
added 2020/11/11 12:0 a.m., 6 views

openGauss: Configuring the Maximum Number of Audit Log Files

The parameter audit_file_remain_threshold specifies the maximum number of audit log files. When the total number of audit log files exceeds the specified value, the system writes the warning information to the database logs, deletes the earliest audit log files, and records the deletion to the audit...

7 AI score
Exploits 0, References 1
OpenVAS
added 2020/04/29 12:0 a.m., 5 views

GaussDB: Configure the Maximum Number of Files that Can Be Opened in Processes

If the maximum number of files that can be opened in processes is too small, SQL operations will fail once the maximum number is exceeded. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.9 AI score
Exploits 0, References 1
OpenVAS
added 2020/04/08 12:0 a.m., 4 views

ZSQL: Maximum Number of Connections

If the maximum number of online connections is set to a large value, the required process socket handles and session pool memory may exceed the OS limit on the server. - Value: The minimum value to be compliant. - Maximum: The maximum value to be compliant. SPDX-FileCopyrightText: 2020 Greenbone ...

7.2 AI score
Exploits 0, References 1
Tenable Nessus
added 2019/07/26 12:0 a.m., 41 views

openSUSE Security Update : tomcat (openSUSE-2019-1808)

This update for tomcat to version 9.0.21 fixes the following issues. Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerabilit...

7.5 CVSS, 6.1 AI score, 0.65581 EPSS
Exploits 3, References 5
OPENSUSE Linux
added 2019/06/30 12:0 a.m., 77 views

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1673-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is no...

7.5 CVSS, 7.4 AI score, 0.65581 EPSS
Exploits 3, References 3
Hacker One
added 2016/11/16 10:57 a.m., 22 views

shopify-scripts: Broken handling of maximum number of method call arguments leads to segfault

Introduction: Improper logic for handling of maximum number of method call arguments leads to dereferencing an invalid pointer in some cases, which causes a segfault in both mruby and mruby_engine and the parent MRI. The crash only happens when the number of arguments, n == CALL_MAXARGS...

7.4 AI score
Exploits 0
exploitpack
added 2016/01/27 12:0 a.m., 32 views

WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities

WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of...

0.3 AI score
Exploits 0
UbuntuCve
added 2015/07/22 12:0 a.m., 27 views

CVE-2015-1284

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly...

7.5 CVSS, 7.3 AI score, 0.01223 EPSS
Exploits 0, References 3
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Pragma Systems FortressSSH 5.0 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27141/info Pragma Systems FortressSSH is prone to a remote denial-of-service vulnerability because it fails to adequately handle certain exceptions when processing overly long user-supplied input. Attackers can exploit th...

7.1 AI score
Exploits 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 18 views

openSUSE Security Update : xinetd (openSUSE-SU-2014:0517-1)

xinetd was updated to receive security fixes and a bug fix. Security issues fixed: - CVE-2013-4342 (bnc#844230) - xinetd ignored user and group directives for tcpmux services - CVE-2012-0862 (bnc#762294) - xinetd enabled all services when tcp multiplexing is used. Also added support for setting maximum...

7.6 CVSS, 5.3 AI score, 0.15271 EPSS
Exploits 2, References 6