CVE-2023-20891

The CVE-2023-20891 issue affects VMware Tanzu Application Service for VMs and Isolation Segment. A information-disclosure vulnerability arises from credentials being logged in hex encoding within platform system audit logs. A non-admin user with access to these logs could access hex-encoded CF AP...

USN-6247-1 linux-oem-5.17 vulnerabilities

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. CVE-2022-2663 It was...

VMware Tanzu Application Service for VMs and Isolation Segment updates address information disclosure vulnerability (CVE-2023-20891)

3. VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability CVE-2023-20891 The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform...

CVE-2023-21994

Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware component: Android Mobile Authenticator App. Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communicati...

The vulnerability of the os/net/ipv2/uip6.c component in operating systems for Contiki-NG devices allows a hacker to cause a service failure.

The vulnerability in the os/net/ipv2/uip6.c component of Contiki-NG operating systems relates to the issue where operations exceed the buffer boundaries in memory when processing values of the MSS Maximum Segment Size parameter for received packets. Exploiting this vulnerability can allow a remot...

Adding balance to accumulator does not depend on the current drawId, while documentation says it does

Lines of code Vulnerability details Impact In documentation protocol states that : To compute the allocated contribution for a draw d we'd compute the integral of curve cd=−t∗lnα∗α^d from lastdraw dold to dnew, and which is equal to −t∗ α^dold + t∗ α^dnew. Which clearly shows that contribution on...

GPAC 安全漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in the GPAC v2.3-DEV-rev381-g817a848f6-master version, which stems from a memory segment error in the dumpisomscene method of the /mp4box/filedump.c file...

GPAC 安全漏洞

GPAC is an open source multimedia framework. A security vulnerability exists in the GPAC v2.3-DEV-rev381-g817a848f6-master version, which stems from a memory segment error in the gfdumpvrmlsffield method of the /lib/libgpac.so file...

OESA-2023-1393 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. Quoting ZDI security advisory 1: "This vulnerability allows local attackers to disclose sensitive information on affected...

How to Change the Maximum Segment Size on a NetScaler Appliance

This article describes how to change the Maximum Segment Size MSS for all sourced packets from a NetScaler appliance. Requirements Command line access to the NetScaler appliance through the console or a Secure Shell SSH client General knowledge of the NetScaler Command Line Interface CLI and UNIX...

UBUNTU-CVE-2023-2860

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This fla...

CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...

CVE-2023-35848

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member...

CVE-2023-35847

VirtualSquare picoTCP aka PicoTCP-NG through 2.1 does not have an MSS lower bound e.g., it could be zero...

Virtualsquare picoTCP 安全漏洞

Virtualsquare picoTCP is a free offshoot of PicoTCP from the Virtualsquare Personal Developer, originally distributed by Altran.be. A security vulnerability exists in Virtualsquare picoTCP version 2.1 and earlier versions, which stems from not setting the MSS lower bound...

PT-2023-25340 · Virtualsquare · Virtualsquare Picotcp

Name of the Vulnerable Software and Affected Versions: VirtualSquare picoTCP aka PicoTCP-NG versions through 2.1 Description: The issue is related to the lack of a Maximum Segment Size MSS lower bound, which could potentially be set to zero. This affects the VirtualSquare picoTCP aka PicoTCP-NG...

Contiki-NG 缓冲区错误漏洞

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. Contiki-NG suffers from a buffer error vulnerability that stems from the fact that when reading TCP MSS option values from incoming packets, the Contiki-NG operating system does not...

SUSE CVE-2023-2860

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This fla...

CVE-2023-24817 RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

Linux Kernel IPv6 Segment Routing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...