1902 matches found
USN-6259-1 open-iscsi vulnerabilities
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. CVE-2020-13987 Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI...
Important: bind
Issue Overview: A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...
The vulnerability of the os/net/ipv2/uip6.c component in operating systems for Contiki-NG devices allows a hacker to cause a service failure.
The vulnerability in the os/net/ipv2/uip6.c component of Contiki-NG operating systems relates to the issue where operations exceed the buffer boundaries in memory when processing values of the MSS Maximum Segment Size parameter for received packets. Exploiting this vulnerability can allow a remot...
bind: named's configured cache size limit can be significantly exceeded
A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...
How to Change the Maximum Segment Size on a NetScaler Appliance
This article describes how to change the Maximum Segment Size MSS for all sourced packets from a NetScaler appliance. Requirements Command line access to the NetScaler appliance through the console or a Secure Shell SSH client General knowledge of the NetScaler Command Line Interface CLI and UNIX...
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...
SUSE CVE-2023-2828
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...
Doesn’t have proper slippage control.
Lines of code Vulnerability details Impact For risk management purposes, a swap will fail if the input coin amount exceeds a predefined limit. But it is not a slippage control. It doesn’t consider how many Canto a user wants to swap for. It is possible that the user will swap the token at a very...
Incorrect maxSwapAmount checked
Lines of code Vulnerability details Impact On onboarding, a part of the the received tokens will be swapped for 4 canto. To partially protect users, a maximum amount of tokens to be used for the swap is set. According to the documentation: For risk management purposes, a swap will fail if the inp...
UBUNTU-CVE-2023-2828
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...
CVE-2023-35848
VirtualSquare picoTCP aka PicoTCP-NG through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member...
PT-2023-25340 · Virtualsquare · Virtualsquare Picotcp
Name of the Vulnerable Software and Affected Versions: VirtualSquare picoTCP aka PicoTCP-NG versions through 2.1 Description: The issue is related to the lack of a Maximum Segment Size MSS lower bound, which could potentially be set to zero. This affects the VirtualSquare picoTCP aka PicoTCP-NG...
Virtualsquare picoTCP 安全漏洞
Virtualsquare picoTCP is a free offshoot of PicoTCP from the Virtualsquare Personal Developer, originally distributed by Altran.be. A security vulnerability exists in Virtualsquare picoTCP version 2.1 and earlier versions, which stems from not setting the MSS lower bound...
GHSA-8F6X-V685-G2XC Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory OOM owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a...
Contiki-NG 缓冲区错误漏洞
Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. Contiki-NG suffers from a buffer error vulnerability that stems from the fact that when reading TCP MSS option values from incoming packets, the Contiki-NG operating system does not...
DEBIAN-CVE-2023-33863
SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff SIZEMAX and then there is an attempt to add 1...
CVE-2023-2253
...
CVE-2023-2253
A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...
AZL-27027 CVE-2023-2253 affecting package helm for versions less than 3.13.2-1
A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...
DEBIAN-CVE-2023-2253
A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive strin...