GHSA-MPPV-79CH-VW6Q Apache Tomcat vulnerable to information leak

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS message would be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...

DEBIAN-CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...

UBUNTU-CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...

Uses Send Value to transfer Native token instead of Transfer Function

Lines of code Vulnerability details Impact The Send Value is susceptible to a reentrancy attack. Proof of Concept If the recipient is a malicious contract that performs a reentrant call back into the LlamaAccount contract, it can execute code before the transfer is completed and potentially...

Upgraded Q -> 2 from #48 [1686129354989]

Judge has assessed an item in Issue 48 as 2 risk. The relevant finding follows: CALLING transfer FUNCTION TO SEND ETH CAN REVERT --- The text was updated successfully, but these errors were encountered: All reactions...

Information disclosure

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

CVE-2023-33297

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...

Code injection

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...

PT-2023-24276 · Unknown +1 · Bitcoin Core +1

Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 24.1 Description: The issue allows attackers to cause a denial of service, specifically CPU consumption, because draining the inventory-to-send queue is inefficient. This has been exploited in the wild in May...

CVE-2023-33297

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...

CVE-2023-33297

Bitcoin Core prior to v24.1 is affected by CVE-2023-33297. When debug mode is not enabled, the node’s inventory-to-send queue draining is inefficient, allowing a denial-of-service (e.g., CPU consumption). The issue has been observed in the wild (May 2023). A fix is provided in Bitcoin Core 24.1 a...

CVE-2023-33297

Removed by vendor...

kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg

In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in mt76x02umcusendmsg Free the skb if mt76ubulkmsg fails in mt76x02umcusendmsg routine...

kernel: NFSD: Protect against send buffer overflow in NFSv2 READ

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...

kernel: iavf: Fix adminq error handling

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavfallocasqbufs/iavfallocarqbufs allocates with dmaalloccoherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Witho...

kernel: NFSD: Protect against send buffer overflow in NFSv2 READ

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...

kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg

In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in mt76x02umcusendmsg Free the skb if mt76ubulkmsg fails in mt76x02umcusendmsg routine...

PT-2025-8529 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists in the Linux kernel related to the sysctl tcp min snd mss variable. This issue occurs because the variable can be changed concurrently while being read,...

CVE-2023-2522

A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sendorder.cgi?parameter=accessdetect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an...

CVE-2023-1623

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack...