CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-2118

Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints...

The vulnerability in the implementation of the TLS protocol in the Linux operating system allows a attacker to cause a service failure.

The vulnerability in the implementation of the TLS protocol in the Linux operating system’s kernel is related to concurrent access to ctx-cryptosend.info between the functions dotlsgetsockoptconf and dotlssetsockoptconf in the net/tls/tlsmain.c module race condition. This vulnerability arises due...

PT-2023-13337 · Glpi · Glpi Cmdb Plugin

Name of the Vulnerable Software and Affected Versions: GLPI CMDB plugin versions prior to 3.0.3 Description: The issue allows attackers to gain read access to sensitive information via a log/ pathname in the file parameter. This is achieved by exploiting the front/icon.send.php file in the CMDB...

send-payment.com Cross Site Scripting vulnerability OBB-3233527

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

UBUNTU-CVE-2023-28117

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...

kernel: NFSD: Protect against send buffer overflow in NFSv2 READ

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This...

SUSE CVE-2004-0902

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service application crash or execute arbitrary code via 1 the "Send page" functionality, 2 certain responses from a...

SUSE CVE-2004-0938

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service server crash by sending an Ascend-Send-Secret attribute without the required leading packet...

SUSE CVE-2005-2023

The sendpinentryenvironment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail...

SUSE CVE-2005-3883

CRLF injection vulnerability in the mbsendmail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds LF in the "To" address argument...

SUSE CVE-2008-4311

The default configuration of system.conf in D-Bus aka DBus before 1.2.6 omits the sendtype attribute in certain rules, which allows local users to bypass intended access restrictions by 1 sending messages, related to sendrequestedreply; and possibly 2 receiving messages, related to...

SUSE CVE-2010-3859

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipcmsgbuild function in net/tipc/msg.c and the verifyiovec function in...

SUSE CVE-2012-6704

The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact by leveraging the CAPNETADMIN...

SUSE CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

SUSE CVE-2013-3302

Race condition in the smbsendrqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecified other impact via vectors involving a reconnection event...

SUSE CVE-2014-1590

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

SUSE CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

SUSE CVE-2016-6480

Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service out-of-bounds access or system crash by changing a certain size value, aka a "double fetch" vulnerability...

SUSE CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...