Lucene search
K

332 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-29785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to...

7.5CVSS5.9AI score0.00402EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-7711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...

7.5CVSS7.1AI score0.01755EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/21 5:1 p.m.8 views

CVE-2025-8402 Nil pointer dereference in bulk import crashes server

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9CVSS0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 5:1 p.m.2 views

CVE-2025-8402 Nil pointer dereference in bulk import crashes server

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9CVSS7AI score0.00299EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-29652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial o...

7.5CVSS7.3AI score0.03228EPSS
Exploits0References2
Veracode
Veracode
added 2025/06/05 3:9 a.m.4 views

Null Pointer Dereference

github.com/quic-go/quic-go is vulnerable to a Nil-Pointer Dereference. The vulnerability is due to improper handling of ACKs for path probe packets, where they are crafted and sent by a malicious client in a way that triggers the nil-pointer dereference in the server's loss recovery logic, It...

7.5CVSS6.5AI score0.00402EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/06/03 6:9 a.m.2 views

GHSA-J972-J939-P2V3 quic-go Has Panic in Path Probe Loss Recovery Handling

Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...

7.5CVSS7.1AI score0.00402EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/03 6:9 a.m.8 views

quic-go Has Panic in Path Probe Loss Recovery Handling

Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...

7.5CVSS6.7AI score0.00402EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2025/06/03 2:39 a.m.3 views

SUSE CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS6.9AI score0.00402EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/02 12:13 p.m.6 views

CVE-2025-29785

A flaw was found in quic-go. This vulnerability allows a malicious QUIC client to cause a nil-pointer dereference, leading to an application-level denial of service via specially crafted ACK packets following spoofed path validation probes. Mitigation Mitigation for this issue is either not...

7.5CVSS6.6AI score0.00402EPSS
Exploits0References6
NVD
NVD
added 2025/06/02 11:15 a.m.18 views

CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS0.00402EPSS
Exploits0References3
OSV
OSV
added 2025/06/02 11:15 a.m.2 views

DEBIAN-CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS5.5AI score0.00402EPSS
Exploits0References1
OSV
OSV
added 2025/06/02 11:15 a.m.5 views

UBUNTU-CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS5.8AI score0.00402EPSS
Exploits0References5
CVE
CVE
added 2025/06/02 10:44 a.m.55 views

CVE-2025-29785

CVE-2025-29785 affects quic-go. The vulnerability stems from the loss recovery logic for path probe packets added in v0.50.0, which can trigger a nil-pointer dereference when a malicious QUIC client sends specific crafted ACKs after starting from multiple remote addresses and allowing path probe ...

7.5CVSS7.5AI score0.00402EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/02 10:44 a.m.15 views

CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS5.3AI score0.00402EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/02 10:44 a.m.26 views

CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS0.00402EPSS
Exploits0References3
OSV
OSV
added 2025/06/02 10:44 a.m.4 views

CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS6.6AI score0.00402EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.3 views

PT-2025-23490 · Quic-Go +1 · Quic-Go +1

Name of the Vulnerable Software and Affected Versions: quic-go versions 0.50.0 Description: The loss recovery logic for path probe packets in quic-go can be exploited by a malicious QUIC client to trigger a nil-pointer dereference. This is achieved by sending valid QUIC packets from different...

7.5CVSS6.2AI score0.00402EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.7 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

7.5CVSS6.7AI score0.00765EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:47 a.m.8 views

CVE-2022-31077

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a...

5.7CVSS6.7AI score0.00761EPSS
Exploits0References1
Rows per page
Query Builder