18 matches found
CVE-2023-53635
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix wrong ct->timeout value. (struct nf_conn)->timeout is an interval before the conntrack confirmed. After confirmed, it becomes a timestamp. It is observed that timeout of an unconfirmed conntrack: - Set by...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the connection tracking module incorrectly handling the ct-timeout value, which could result in an abnormal...
CVE-2023-32690
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...
CVE-2020-13849
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe...
CVE-2021-47582
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable. The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...
CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...
Stop Spammers Security < 2023 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the payload below in any of the "Challenge...
PT-2021-17902 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.71.1 Description: A remotely exploitable integer overflow issue exists due to a very large grpc-timeout value, leading to unexpected timeout calculations. Recommendations: For versions prior to 1.71.1, update to a...
Envoy Input Validation Error Vulnerability
Envoy is an open source distributed proxy server. Versions prior to Envoy 1.71.1 are vulnerable to integer overflow, which can be exploited by an attacker with an excessive grpc-timeout value to cause an unexpected timeout calculation...
SUSE-SU-2020:1423-1 Security update for mariadb-connector-c
This update for mariadb-connector-c fixes the following issues: Security issue fixed: - CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550). Non-security issues fixed: - Update to release 3.1.8 (bsc#1171550) CONC-304: Rename the static library to libmariadb.a...
Denial Of Service (DoS)
The kernel package is vulnerable to denial of service (DoS). The possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service kernel panic...
Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
Easily turn single threaded command line applications into fast, multi threaded application with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...
kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks...
Product update: Virtuozzo 7.0 Update 3
The new packages for Virtuozzo 7.0 introducing new features and bug fixes. Vulnerability id: PSBM-56838 Kernel panic when creating ploops on NVMe devices. Vulnerability id: PSBM-56668 HWIDs could not be obtained for SGI UV 1000 nodes. Vulnerability id: PSBM-56667 vzlicview could incorrectly detec...
CVE-2016-7042
It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks...
CentOS 5 : ccid (CESA-2013:1323)
An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
CVE-2007-5966
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information...
Security Issue in Icewarp
Icewarp is one of the world's most used web mail software. It's another product of Merak Mail developers. There is a security issue in Icewarp. It's like this: When you create a new user, Icewarp gives him a static number. If this user does not log out after checking his inbox you can access his...