PT-2025-51803

Name of the Vulnerable Software and Affected Versions ipfw versions affected versions not specified Description The tcp-setmss handler may free packet data and generate an error without stopping rule processing. A subsequent rule could then allow traffic to pass after the packet data is removed,...

Spring gRPC Next Steps for 1.0.0

This is a new blog post in the Road to GA series, this time updating everyone on the plans to integrate Spring gRPC with Spring Boot 4. The original plan was to move the autoconfiguration from Spring gRPC into Spring Boot in time for the 4.0 release. Unfortunately we haven't been able to find the...

Spring gRPC Next Steps for 1.0.0

This is a new blog post in the Road to GA series, this time updating everyone on the plans to integrate Spring gRPC with Spring Boot 4. The original plan was to move the autoconfiguration from Spring gRPC into Spring Boot in time for the 4.0 release. Unfortunately we haven't been able to find the...

EUVD-2011-1424

Malware in sbrugna...

CVE-2023-53365 ip6mr: Fix skb_under_panic in ip6mr_cache_report()

In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fix skbunderpanic in ip6mrcachereport skbuff: skbunderpanic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------ cut here ------------ kernel BUG at...

Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates

Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates Spring AI 1.0.0-SNAPSHOT introduces several important changes to artifact IDs, dependency management, and autoconfiguration. This blog post outlines these changes and provides guidance on how to update your projects. The most significa...

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVE-2023-29046

CVE-2023-29046 affects Open-Xchange App Suite. The issue: connections to external data sources (e.g., email autoconfig) are not terminated on timeout and are logged instead. Some connections target user-controlled endpoints, enabling an attacker to keep connections open and trigger a large amount...

Pacparser 安全漏洞

Pacparser is a library for parsing Proxy Autoconfiguration PAC files by the individual developer Manu Garg. A security vulnerability exists in Pacparser versions prior to 1.3.x, which originates in the function pacparserfindproxy in the file src/pacparser.c, where manipulation of the parameter ur...

Open-Xchange (OX) App Suite Multiple Security Bypass Vulnerabilities (Oct 2015)

Open-Xchange OX App Suite is prone to multiple security bypass vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-2392

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs...

Deserialization of untrusted data

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs...

CVE-2014-2392

Open-Xchange App Suite is affected by CVE-2014-2392 (E-Mail autoconfiguration) and CVE-2014-2392 describes that a password is transmitted in a GET parameter. Affected versions include 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13. The underlying issue is information exposure...

ipv6-ra-flood NSE Script

Generates a flood of Router Advertisements RA with random source MAC addresses and IPv6 prefixes. Computers, which have stateless autoconfiguration enabled by default every major OS, will start to compute IPv6 suffix and update their routing table to reflect the accepted announcement. This will...

ICMPv6 Router Announcement flooding denial of service affecting multiple systems

This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL:...

CVE-2011-1418

The stateless address autoconfiguration aka SLAAC functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses...

Apple iPhone cryptographic weakness

Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file...