
1890 matches found

SUSE CVE
added 2023/10/11 1:47 a.m. | 2 views

SUSE CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5 | AI score 7.3 | EPSS 0.03796
Exploits 0 | References 21
Huntr
added 2023/09/29 2:49 a.m. | 23 views

Heap OOB Read

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 09/28/23 the current master branch at commit c5603fa8de0e7d4460718e28f90989ffdf925494 . Description This AddressSanitizer output is indicating an OOB read of inval...

CVSS 3.3 | AI score 6.9 | EPSS 0.00341
Exploits 1
Github Security Blog
added 2023/09/27 3:30 p.m. | 19 views

Subrion CMS XSS in /panel/configuration/financial/

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 5.4 | AI score 6.2 | EPSS 0.00495
Exploits 1 | References 3 | Affected Software 1
ATTACKERKB
added 2023/09/27 3:19 p.m. | 2 views

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 5.4 | AI score 6.1 | EPSS 0.00495
Exploits 1 | References 2
Prion
added 2023/09/27 3:19 p.m. | 21 views

Cross site scripting

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 4.9 | AI score 5.4 | EPSS 0.00495
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2023/09/27 12:0 a.m. | 12 views

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

AI score 6 | EPSS 0.00495
Exploits 1 | References 1
Code423n4
added 2023/08/21 12:0 a.m. | 9 views

Auctions run at significantly different speeds for different prize tiers

Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...

AI score 6.8
Exploits 0
Code423n4
added 2023/08/03 12:0 a.m. | 4 views

_claimRewardsOnBehalf() User's rewards may be lost

Lines of code Vulnerability details Impact Incorrect determination of maximum rewards, which may lead to loss of user rewards Proof of Concept claimRewardsOnBehalf For users to retrieve rewards function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate internal if...

AI score 6.8
Exploits 0
OSV
added 2023/07/27 11:0 a.m. | 4 views

USN-6259-1 open-iscsi vulnerabilities

Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. CVE-2020-13987 Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI...

CVSS 8.2 | AI score 6.9 | EPSS 0.03912
Exploits 0 | References 4
Amazon
added 2023/07/19 12:0 a.m. | 13 views

Important: bind

Issue Overview: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

CVSS 7.5 | AI score 7.4 | EPSS 0.03776
Exploits 0
BDU FSTEC
added 2023/07/18 12:0 a.m. | 6 views

The vulnerability of the os/net/ipv2/uip6.c component in operating systems for Contiki-NG devices allows a hacker to cause a service failure.

The vulnerability in the os/net/ipv2/uip6.c component of Contiki-NG operating systems relates to the issue where operations exceed the buffer boundaries in memory when processing values of the MSS Maximum Segment Size parameter for received packets. Exploiting this vulnerability can allow a remot...

CVSS 7.5 | AI score 6.9 | EPSS 0.00437
Exploits 0 | References 3 | Affected Software 1
RedHat Linux
added 2023/07/10 4:13 p.m. | 3 views

bind: named's configured cache size limit can be significantly exceeded

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

CVSS 7.5 | AI score 7.1 | EPSS 0.03776
Exploits 0 | References 5
Citrix
added 2023/07/03 12:0 a.m. | 7 views

How to Change the Maximum Segment Size on a NetScaler Appliance

This article describes how to change the Maximum Segment Size MSS for all sourced packets from a NetScaler appliance. Requirements Command line access to the NetScaler appliance through the console or a Secure Shell SSH client General knowledge of the NetScaler Command Line Interface CLI and UNIX...

AI score 7.1
Exploits 0
UbuntuCve
added 2023/06/25 6:15 p.m. | 107 views

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CVSS 7.5 | AI score 6.8 | EPSS 0.01319
Exploits 1 | References 4
SUSE CVE
added 2023/06/24 1:47 a.m. | 3 views

SUSE CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 | AI score 7.5 | EPSS 0.03776
Exploits 0 | References 18
Code423n4
added 2023/06/23 12:0 a.m. | 10 views

Doesn’t have proper slippage control.

Lines of code Vulnerability details Impact For risk management purposes, a swap will fail if the input coin amount exceeds a predefined limit. But it is not a slippage control. It doesn’t consider how many Canto a user wants to swap for. It is possible that the user will swap the token at a very...

AI score 6.8
Exploits 0
Code423n4
added 2023/06/22 12:0 a.m. | 5 views

Incorrect maxSwapAmount checked

Lines of code Vulnerability details Impact On onboarding, a part of the received tokens will be swapped for 4 canto. To partially protect users, a maximum amount of tokens to be used for the swap is set. According to the documentation: For risk management purposes, a swap will fail if the inp...

AI score 6.8
Exploits 0
OSV
added 2023/06/21 12:0 a.m. | 0 views

UBUNTU-CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...

CVSS 7.5 | AI score 6.8 | EPSS 0.03776
Exploits 0 | References 5
ATTACKERKB
added 2023/06/19 3:15 a.m. | 2 views

CVE-2023-35848

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member...

CVSS 7.5 | AI score 5.3 | EPSS 0.00702
Exploits 0 | References 2
Positive Technologies
added 2023/06/19 12:0 a.m. | 2 views

PT-2023-25340 · Virtualsquare · Virtualsquare Picotcp

Name of the Vulnerable Software and Affected Versions: VirtualSquare picoTCP aka PicoTCP-NG versions through 2.1 Description: The issue is related to the lack of a Maximum Segment Size MSS lower bound, which could potentially be set to zero. This affects the VirtualSquare picoTCP aka PicoTCP-NG...

CVSS 7.5 | AI score 7.3 | EPSS 0.00702
Exploits 0 | References 4