3218 matches found

Cvelist
added 2023/07/06 2:53 p.m. | 19 views

CVE-2023-23550

An OS command injection vulnerability exists in the ysthirdparty userdelete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...

7.2 CVSS | 7.3 AI score | 0.00288 EPSS
Exploits 1 | References 1

OSV
added 2023/07/05 4:15 p.m. | 16 views

CVE-2023-27390

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8 CVSS | 8.1 AI score
Exploits 0 | References 2

NVD
added 2023/07/05 4:15 p.m. | 11 views

CVE-2023-27390

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8 CVSS | 7.9 AI score | 0.00097 EPSS
Exploits 1 | References 2

Prion
added 2023/07/05 4:15 p.m. | 26 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

4.4 CVSS | 7.9 AI score | 0.00097 EPSS
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2023/07/05 3:51 p.m. | 15 views

CVE-2023-27390

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...

7.8 CVSS | 7.8 AI score | 0.00097 EPSS
Exploits 1 | References 1

Talos
added 2023/07/05 12:0 a.m. | 33 views

Diagon Sequence::DrawText heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1744 Diagon Sequence::DrawText heap-based buffer overflow vulnerability July 5, 2023 CVE Number CVE-2023-27390 SUMMARY A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown...

7.8 CVSS | 7.8 AI score | 0.00097 EPSS
Exploits 1

OSV
added 2023/07/01 12:30 a.m. | 33 views

GHSA-CGGH-PQ45-6H9X llhttp vulnerable to HTTP request smuggling

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5 CVSS | 7.2 AI score | 0.01916 EPSS
Exploits 1 | References 13

Debian CVE
added 2023/06/30 11:39 p.m. | 30 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5 CVSS | 7.5 AI score | 0.01916 EPSS
Exploits 1

AlpineLinux
added 2023/06/30 11:39 p.m. | 66 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5 CVSS | 7.9 AI score | 0.01916 EPSS
Exploits 1

OSV
added 2023/06/29 8:28 p.m. | 3 views

CLSA-2023-1688070489 Fix CVE(s): CVE-2022-28391

SECURITY UPDATE: some applets are vulnerable to escape sequence injection when used from an VT compatible terminal - debian/patches/CVE-2022-28391.patch: sockaddr2str: ensure only printable characters are returned for the hostname part - CVE-2022-28391 Fix cpio.tests -...

8.8 CVSS | 6.9 AI score | 0.03075 EPSS
Exploits 1 | References 1

Code423n4
added 2023/06/23 12:0 a.m. | 9 views

Arbitrary parameters

Lines of code Vulnerability details Impact There is no way to check that the sequence parameter is indeed a correct one Proof of Concept It is being passed straight to a function which modifies the KVStore's pools, thus it could be any value due to not being checked e. g. it could be 0,...

6.8 AI score
Exploits 0

Github Security Blog
added 2023/06/09 7:33 p.m. | 26 views

Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

7.5 CVSS | 6.6 AI score | 0.00334 EPSS
Exploits 0 | References 4 | Affected Software 1

OpenVAS
added 2023/06/07 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2023-2125)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.7 AI score | 0.00108 EPSS
Exploits 0 | References 2

SUSE CVE
added 2023/05/23 3:4 a.m. | 4 views

SUSE CVE-2020-36694

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an...

6.6 CVSS | 6.4 AI score | 0.00016 EPSS
Exploits 1 | References 6

BDU FSTEC
added 2023/05/22 12:0 a.m. | 3 views

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products allows attackers to intercept existing sessions.

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products is related to the predictability of random session numbers. Exploiting this vulnerability allows a malicious actor to intercept existing sessions remotely...

5.3 CVSS | 5.8 AI score | 0.00422 EPSS
Exploits 0 | References 7 | Affected Software 5

OSV
added 2023/05/21 11:15 p.m. | 1 views

DEBIAN-CVE-2020-36694

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an...

6.7 CVSS | 6.4 AI score | 0.00016 EPSS
Exploits 1 | References 1

OSV
added 2023/05/21 11:15 p.m. | 1 views

UBUNTU-CVE-2020-36694

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an...

6.7 CVSS | 6.7 AI score | 0.00016 EPSS
Exploits 1 | References 6

CNNVD
added 2023/05/21 12:0 a.m. | 3 views

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from the incorrect handling of per-CPU sequence counts during concurrent iptables rule...

6.7 CVSS | 8.4 AI score | 0.00016 EPSS
Exploits 1 | References 8

RedHat Linux
added 2023/05/09 10:4 a.m. | 6 views

kernel: drivers:md:fix a potential use-after-free bug

A use-after-free bug exists in the Linux kernel such that the line "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in the line "if (sh->batch_head && sh != sh->batch_head)", resulting in a minor application crash...

7.8 CVSS | 6.6 AI score | 0.00064 EPSS
Exploits 0 | References 5

Code423n4
added 2023/04/28 12:0 a.m. | 8 views

DNS wire format AND DNS label-sequence format ARE USED INTERCHANGEABLY TO REPRESENT DOMAIN NAMES DURING RRSet VALIDATION

Lines of code Vulnerability details Impact @param name The name to claim, in DNS wire format. above format is used in DNSRegistrar.proveAndClaim and DNSRegistrar.proveAndClaimWithResolver functions @param name The name of the RRSIG record, in DNS label-sequence format. above format is used in...

6.6 AI score
Exploits 0