Tag
#dos
Red Hat OpenShift Container Platform release 4.11.27 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to cr...
Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503
By Waqas A new record has been set for the largest reported HTTP DDoS attack, exceeding the previous record of 46 million requests per second (rps) in June 2022. This is a post from HackRead.com Read the original post: Cloudflare thwarts largest reported HTTP DDoS attack
78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
### Impact * The multipart body parser accepts an unlimited number of file parts. * The multipart body parser accepts an unlimited number of field parts. * The multipart body parser accepts an unlimited number of empty parts as field parts. ### Patches This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). ### Workarounds There are no known workaround. ### References Reported at https://hackerone.com/reports/1816195.
### Impact The `MultipartParser` using the package `python-multipart` accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an <abbr title="out of memory">OOM</abbr> process kill. This can be triggered by sending too many small form fields with no content, or too many empty files. For this to take effect application code has to: * Have `python-multipart` installed and * call `request.form()` * or via another framework like FastAPI, using form field parameters or `UploadFile` parameters, which in turn calls `request.form()`. ### Patches The vulnerability is solved in Starlette 0.25.0 by making the maximum fields and files customizable and with a sensible default (1000). Applications will be secure by just upgrading their Starlette version to 0.25.0 (or FastAPI to 0.92.0). If application code needs to customize the new max field and file number, there are new `req...