PT-2025-3682 · Ember · Ember Znet Stack

Name of the Vulnerable Software and Affected Versions: Ember ZNet stack affected versions not specified Description: A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert. Recommendations: At the moment, there is no information about a newer...

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 134, which stemmed from a failure of ALPN to properly validate certificates when using Alt-Svc if the originating server redirecte...

PT-2025-42742

Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description An issue exists in the TLS implementation where errors during ALPN Application-Layer Protocol Negotiation can contain arbitrary text. This could potentially lead to information disclosure o...

CVE-2024-53259

CVE-2024-53259 affects the quic-go QUIC implementation. An off-path attacker can inject an ICMP Packet Too Large when IP_PMTUDISC_DO is used, causing the kernel to return a “message too large” error on sendmsg if a QUIC packet exceeds the MTU claimed in the ICMP message. This can disrupt a QUIC c...

The vulnerability of the Application Layer Gateway module in Juniper Networks’ Junos OS network devices of the SRX and MX series allows a attacker to cause service interruptions.

The vulnerability of the Application Layer Gateway module in Juniper Networks’ Junos OS network devices of the SRX and MX series involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

Suricata 安全漏洞

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions prior to 7.0.7 that stems from an invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled, which may cause Suricata to abort and panic...

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

CVE-2024-43099

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVE-2024-43099

CVE-2024-43099 affects AutomationDirect DirectLogic H2-DM1E PLCs (versions ≤2.8.0). The vulnerability enables authentication bypass by capture-replay, allowing an attacker who captures a session key and spoofs IP/MAC to inject traffic into an ongoing authenticated session. Affected product is the...

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber...

Medium: openssl

Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-5535)

The version of cloud-hypervisor-cvm / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5535 advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty...

RHEL 9 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

SUSE CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

ALPINE-CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...