GraphQL Alias Overloading Enabled

GraphQL is an open-source query and manipulation language for APIs. GraphQL alias overloading is a vulnerability where an attacker sends queries with numerous aliased fields to cause server performance degradation. The server must process each alias separately, which can lead to excessive CPU...

CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

CVE-2024-50164 bpf: Fix overloading of MEM_UNINIT's meaning

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEMUNINIT's meaning Lonial reported an issue in the BPF verifier where checkmemsizereg has the following code: if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw mode so that the...

MikroTik RouterOs Uncontrolled Resource Consumption (CVE-2020-20217)

Mikrotik RouterOs before 6.47 stable tree suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. This plugin only works with Tenable.ot. Please visit...

MikroTik RouterOs Uncontrolled Recursion (CVE-2020-20213)

Mikrotik RouterOs 6.44.5 long-term tree suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. This plugin only works with Tenable.ot. Please visit...

CVE-2024-1402 Denial of service in mattermost mobile apps and server via emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to...

Same proposer can make duplicate proposals

Lines of code Vulnerability details Impact A proposer can continuously create new proposals, even if they are redundant or unnecessary. This can overload the system and make it difficult for other participants to navigate through legitimate proposals. Proof of Concept In the propose function, the...

Design/Logic Flaw

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user wou...

Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by Rational Asset Analyzer. This vulnerability is located in the GraphQL Java library used by IBM WebSphere Application Server Liberty, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. This has been addresse...

GraphQL Cop - Security Auditor Utility For GraphQL APIs

GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. Requirements Python3 Requests Library Detections Alias Overloading DoS Batch Queries DoS GET based Queries CSRF GraphQL Tracing / Debug Modes Info Leak Field Duplication DoS Field Suggestions Info Leak Graphi...

CVE-2020-20221

Mikrotik RouterOs before 6.44.6 long-term tree suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

CVE-2020-20248

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

Writing a libemu/Unicorn Compatability Layer

In this post we are going to take a quick look at what it takes to write a libemu compatibility layer for the Unicorn engine. In the course of this work, we will also import the libemu Win32 environment to run under Unicorn. For a bit of background, libemu is a lightweight x86 emulator written in...

ATutor 2.2 Session Variable Overloading Vulnerability

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability. ---------------------------------------------------------------------- ATutor = 2.2 confirm.php Session Variable Overloading Vulnerability ----------------------------------------------------------------------...