PT-2026-44251

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

CVE-2026-33011 Nest Fastify HEAD Request Middleware Bypass

Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS application using @nestjs/platform-fastify GET middleware can be bypassed because Fastify automatically redirects HEAD requests to the corresponding GET handlers if they exist. As a...

DEBIAN-CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVE-2024-42328 JS - Crash on empty HTTP server response

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

PT-2024-9611 · Zabbix +3 · Zabbix +3

Name of the Vulnerable Software and Affected Versions: Browser object affected versions not specified Zabbix affected versions not specified Description: The issue is related to the handling of data downloaded from an HTTP server by the Browser object's web driver. When the server's response is a...

CVE-2024-24447

A buffer overflow in the ngapamfhandlepdusessionresourcesetupresponse function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service DoS via a PDU Session Resource Setup Response with an empty Response Item list...

dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process

A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...

Mozilla SSL spoofing with document.location and empty SSL response page

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content aka 204 status code and an empty...