528 matches found
CVE-2023-41705
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...
Cross site request forgery (csrf)
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated...
Cross site request forgery (csrf)
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...
CVE-2023-41707
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated...
CVE-2023-41707
CVE-2023-41707 affects Open-Xchange App Suite. The issue is the unrestricted processing of user-defined mail search expressions, leading to high processing loads and potential availability degradation. Root cause: lack of limits on mail search processing; impact: availability could be reduced (as...
CVE-2023-41707
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated...
CVE-2023-41706
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined...
CVE-2023-41706
Open-Xchange App Suite is affected by CVE-2023-41706. The issue is unrestricted processing of user-defined drive search expressions, with monitoring that terminates requests once a resource threshold is exceeded, potentially reducing availability under high processing load. Remediation: apply the...
CVE-2023-41705
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...
CVE-2023-41705
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...
CVE-2023-41705
CVE-2023-41705 affects the Open-Xchange App Suite. The issue stems from unbounded processing of user-defined DAV user-agent strings, which can lead to high processing load and reduced availability of the OX App Suite. Mitigation is to deploy the provided updates/patch releases (e.g., as reference...
In tokenomics.sol, anyone can become admin and can at the same time alter the values of all input parameters of the initializeTokenomics() function.
Lines of code. Vulnerability details. Impact: This bug report is about a lack of access control checks on initializeTokenomics functions used to configure the protocol during the deployment. An attacker could exploit this vulnerability by front-running the deployment process and call...
Difference between normalvalue and thresholdvalue under SNMP configuration
This article explains the difference between thresholdValue and normalValue under SNMP configuration...
Error Handling in '_createAuction' Function
Lines of code. Vulnerability details. Potential Risk: The 'createAuction' function attempts to mint a new Verb by calling the 'verbs.mint' function. However, it lacks proper error handling for the minting process. If the minting operation fails, e.g., due to insufficient gas or other reasons, the...
DEBIAN-CVE-2023-6135
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121...
stETH/ETH, rETH/ETH and cbETH/ETH Chainlink oracles have too long a heartbeat and deviation threshold, which can cause loss of funds
Lines of code. Vulnerability details. ChainlinkPriceOracle fetches prices from the Chainlink contracts. But the price feeds in consideration have a very long price heartbeat and deviation rate, which might lead to wrong price calculation and loss of tokens to the user. Impact: According to the...
CVE-2023-46362
jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc...
DEBIAN-CVE-2023-46362
jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc...
UBUNTU-CVE-2023-46362
jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc...
After the market configuration expires or when borrow value is greater than deposit value, there is no cap for liquidation seize amount
Lines of code. Vulnerability details. Impact: After the market configuration expires, there is no cap for liquidation seize amount. Proof of Concept: After the market configuration expires or when borrow value is greater than deposit value, there is no cap for liquidation seize amount when liquidation ...