Security
Headlines
HeadlinesLatestCVEs

Tag

#dos

CVE-2023-22740: Chat drafts should have a maximum character limit and the number of loaded drafts should be limited

Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.

CVE
Open in Source
#dos
GHSA-x477-fq37-q5wr: Initial debug-host handler implementation could leak information and facilitate denial of service

### Impact version 1.5.0 and 1.6.0 when using the new `debug-host` feature could expose unnecessary information about the host ### Patches Use 1.6.1 or newer ### Workarounds Downgrade to 1.4.0 or set `debug-host` to empty ### References https://github.com/fortio/proxy/pull/38 Q&A https://github.com/fortio/proxy/discussions

Riot Games Latest Video-Game Maker to Suffer Breach

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.

CVE-2023-22486: Quadratic complexity bug in handle_close_bracket may lead to a denial of service

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

CVE-2023-20925: Pixel Update Bulletin—January 2023  |  Android Open Source Project

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A

CVE-2023-24167: Tenda/1.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.

CVE-2023-24169: Tenda/6.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.

CVE-2023-24166: Tenda/2.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.

CVE-2023-24170: Tenda/3.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.

CVE-2023-24164: Tenda/4.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.