
256 matches found

Prion
added 2022/12/13 4:15 p.m. | 26 views

Denial of service

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header...

CVSS 5 | AI score 5.5 | EPSS 0.47795
Exploits 0 | References 2 | Affected Software 2
CNNVD
added 2022/12/09 12:0 a.m. | 6 views

VMware ESXi and vCenter Server Security Vulnerability

VMware ESXi and VMware vCenter Server are both products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers. VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platfo...

CVSS 5.3 | AI score 6.6 | EPSS 0.47795
Exploits 0 | References 5
Github Security Blog
added 2022/12/08 3:52 p.m. | 43 views

Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

Impact: Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected. Patches: Upgrade to 7.9.0. Workarounds: Catch and discard any exceptions from...

CVSS 7.5 | AI score 2.2 | EPSS 0.00738
Exploits 0 | References 4 | Affected Software 12
RedHat Linux
added 2022/11/15 10:34 a.m. | 4 views

swtpm: Unchecked header size indicator against expected size

An out-of-bounds read vulnerability was found in swtpm. The vulnerability exists due to a boundary condition when the byte array representing the state of the TPM is accessed. This flaw allows an attacker to send a specially crafted header, triggering an out-of-bounds read access on the byte arra...

CVSS 6.2 | AI score 6.3 | EPSS 0.00404
Exploits 0 | References 4
Github Security Blog
added 2022/10/14 7:0 p.m. | 35 views

golang.org/x/text/language Denial of service via crafted Accept-Language header

The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten t...

CVSS 7.5 | AI score 7.4 | EPSS 0.01428
Exploits 0 | References 9 | Affected Software 1
OSV
added 2022/10/14 3:15 p.m. | 5 views

AZL-33589 CVE-2022-32149 affecting package influxdb for versions less than 2.6.1-17

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 6.7 | EPSS 0.01428
Exploits 0 | References 1
UbuntuCve
added 2022/10/14 3:15 p.m. | 40 views

CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 6.8 | EPSS 0.01428
Exploits 0 | References 5
Debian CVE
added 2022/10/14 12:0 a.m. | 36 views

CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 7.2 | EPSS 0.01428
Exploits 0
GitLab Advisory Database
added 2022/10/14 12:0 a.m. | 41 views

Missing Release of Resource after Effective Lifetime

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 4 | EPSS 0.01428
Exploits 0 | References 8 | Affected Software 1
GitLab Advisory Database
added 2022/10/14 12:0 a.m. | 32 views

Missing Release of Resource after Effective Lifetime

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 4 | EPSS 0.01428
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2022/10/14 12:0 a.m. | 29 views

CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

AI score 7.5 | EPSS 0.01428
Exploits 0 | References 4
OSV
added 2022/10/11 6:16 p.m. | 32 views

GO-2022-1059 Denial of service via crafted Accept-Language header in golang.org/x/text/language

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 7.5 | EPSS 0.01428
Exploits 0 | References 3
CNNVD
added 2022/09/23 12:0 a.m. | 4 views

Netlify netlify-ipx Code Issue Vulnerability

Netlify netlify-ipx is a library from the American company Netlify. It is used for on-demand image optimization of Netlify. A code issue vulnerability exists in Netlify netlify-ipx versions prior to 1.2.3. An attacker exploiting this vulnerability could bypass the source image field allowlist by...

CVSS 6.1 | AI score 6.1 | EPSS 0.00348
Exploits 0 | References 2
RedHat Linux
added 2022/09/07 4:58 p.m. | 7 views

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

CVSS 8.6 | AI score 7.1 | EPSS 0.01708
Exploits 1 | References 5
CNNVD
added 2022/07/01 12:0 a.m. | 1 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE versions 1.0.2 through 14.10.5...

CVSS 5.3 | AI score 5.8 | EPSS 0.00969
Exploits 0 | References 6
BDU FSTEC
added 2022/06/14 12:0 a.m. | 7 views

The vulnerability of the password reset function of the Snipe-IT asset management system allows a hacker to obtain a password reset token and access the account.

The vulnerability of the password reset function in the Snipe-IT asset management system is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability can allow a malicious actor to obtain a password reset token and access to the account by sending a...

CVSS 9.3 | AI score 7.6 | EPSS 0.01264
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2022/05/02 12:0 a.m. | 4 views

Snipe-IT Injection Vulnerability

Snipe-IT is an open source IT asset/license management system. An injection vulnerability exists in Snipe-IT versions v3.0-alpha through v5.3.7. The vulnerability stems from sending a specially crafted request header in a password reset request that can send a password reset link to the user, whi...

CVSS 8.8 | AI score 7.9 | EPSS 0.01264
Exploits 1 | References 3
CNVD
added 2022/03/01 12:0 a.m. | 13 views

PaquitoSoftware Notimoo Cross-Site Scripting Vulnerability

Notimoo is a method for web developers to display notifications to users. PaquitoSoftware Notimoo suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web script or HTML via a carefully crafted header or message in a notification...

CVSS 6.1 | AI score 3.8 | EPSS 0.00611
Exploits 1 | References 1
OSV
added 2022/02/19 11:3 a.m. | 2 views

OESA-2022-1532 cryptsetup security update

cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module. Security Fixes: It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the...

CVSS 4.3 | AI score 6.4 | EPSS 0.0028
Exploits 0 | References 2
Cvelist
added 2022/02/09 10:5 p.m. | 20 views

CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

AI score 7.7 | EPSS 0.01101
Exploits 0 | References 1