2 matches found
AZL-39749 CVE-2024-22189 affecting package coredns for versions less than 1.11.1-2
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
DataGear 跨站脚本漏洞
DataGear is an open source and free data visualization and analysis platform from DataGear, Inc. A cross-site scripting vulnerability exists in versions of DataGear prior to 1.11.1, which stems from an issue with the component Graph Dataset Handler that can lead to cross-site scripting...