Solon before 2.3.3 allows Deserialization of Untrusted Data.
June 19, 2023
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
June 19, 2023
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
June 19, 2023
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
June 19, 2023
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
June 19, 2023
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
June 19, 2023
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the sec ...
June 19, 2023
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and l ...
June 19, 2023