1890 matches found
openssl: integer overflow in CipherUpdate
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
redis: Integer overflow issue with strings
An integer overflow issue was found in redis in the underlying string library. The vulnerability involves changing the default "proto-max-bulk-len" configuration parameter to a very large value and constructing specially crafted network payloads or commands. This flaw allows a remote attacker to...
redis: Integer overflow issue with Streams
An integer overflow issue was found in redis. The vulnerability involves changing the default "proto-max-bulk-len" and "client-query-buffer-limit" configuration parameters to very large values and constructing specially crafted large stream elements. This flaw allows a remote attacker to corrupt...
redis: Integer overflow issue with strings
An integer overflow issue was found in redis in the underlying string library. The vulnerability involves changing the default "proto-max-bulk-len" configuration parameter to a very large value and constructing specially crafted network payloads or commands. This flaw allows a remote attacker to...
Unable to create MCS machine catalog due to large number of Provisioning Tasks
In rare cases, MCS machine catalog may fail to create with the following error -- Action Name: MCCreateMachineCatalogInitialzation Exception: DesktopStudioErrorId : UnknownError ErrorCategory : ResourceUnavailable DesktopStudioPowerShellHistory : Create Machine Catalog 'XXXXXXX' On analyzing the...
openssl: integer overflow in CipherUpdate
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
Request a Quote < 2.3.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed. As admin, put the below payloads in the related vulnerable field/s and save them there i...
CVE-2021-1962
Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired...
Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exis...
ISC BIND Processing Logic Error Vulnerability
ISC BIND is a suite of open source software from ISC that implements the DNS protocol. A Processing Logic Error vulnerability exists in ISC BIND, which originates when named attempts to respond via UDP with a response larger than the currently valid interface's Maximum Transmission Unit (MTU) and...
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
...
Failed to add disks to the VM from XenCenter, error "you have reached the maximum number of virtual disks allowed for this virtual machine"
Adding more than 6 disks to VM from XenCenter throws error "You have reached the maximum number of virtual disks allowed for this virtual machine"...
Allowance cannot be reset once it is set to the maximum
Handle shw Vulnerability details Impact The approve functions of the pool LP tokens and synths do nothing if the allowance is already the maximum number, i.e., type(uint256).max. Therefore, Alice cannot change her allowance to Bob once she approved him with the maximum approval. Proof of Concept...
CVE-2021-37220
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input...
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...
Circutor SGE-PLC1000 OS Command Injection Vulnerability
Circutor SGE-PLC1000 is a smart metering system device. The primary function is to manage utility power through CIRWATT meters or other meters with PRIME technology. An operating system command injection vulnerability exists in firmware version 0.9.2b of the Circutor SGE-PLC1000, which can be...
CVE-2021-33841
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges...
CVE-2021-33841 Circutor SGE-PLC1000 OS command Injection
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges...
CVE-2021-32460
The Trend Micro Maximum Security 2021 v17 consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note that an attacker must already have local user privileges and access on t...
CVE-2021-32460
The Trend Micro Maximum Security 2021 v17 consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note that an attacker must already have local user privileges and access on t...