3459 matches found
CVE-2024-38809
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...
CVE-2024-38809
CVE-2024-38809 is a Spring Framework DoS vulnerability arising when parsing ETags from If-Match/If-None-Match headers. The advisory for the affected OpenPages product confirms remediation by upgrading Spring to a fixed package version (OpenPages uses Spring Framework 5.3.x; remediation version stated as 5.3.39.2511)...
CVE-2024-6654
Products for macOS enable a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down...
CVE-2024-40094
A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...
CVE-2024-8405
CVE-2024-8405: PaperCut NG/MF on Windows with Web Print enabled is affected by an arbitrary file creation flaw in the web-print.exe process. A malicious payload can cause non-existent files to be created, leading to disk-space exhaustion and DoS. Root cause and impact are described in vendor note...
kernel: virtio-net: tap: mlx5_core short frame denial of service
A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETH_HLEN...
CVE-2024-8887 Authentication bypass vulnerability on CIRCUTOR Q-SMT
CIRCUTOR Q-SMT, in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow...
CVE-2023-28451
An issue was discovered in Technitium 11.0.2. There is a vulnerability called BadDNS in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit would be widespread and highly impactful, becaus...
CVE-2024-46552
CVE-2024-46552 affects DrayTek Vigor 3910, specifically version v4.3.2.6, where a buffer overflow in the sStRtMskShow parameter on ipstrt.cgi can cause a Denial of Service. This is the concrete detail provided across connected sources; no exploitation methods or mitigations are described in the d...
Debian dla-3886 : libnode-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3886 advisory. Debian LTS Advisory DLA-3886-1...
Gitlab -- vulnerabilities
Gitlab reports: Execute environment stop actions as the owner of the stop action job; Prevent code injection in Product Analytics funnels YAML; SSRF via Dependency Proxy; Denial of Service via sending a large glm_source parameter; CI_JOB_TOKEN can be used to obtain GitLab session token; Variables from...
CVE-2024-23185
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...
External Secrets Operator vulnerable to privilege escalation
Details: The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets...
CVE-2023-51368
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...
CVE-2024-8418
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...
CVE-2024-42058
CVE-2024-42058 is a null pointer dereference vulnerability in Zyxel devices: Zyxel ATP firmware v4.32–v5.38, USG FLEX v4.50–v5.38, USG FLEX 50(W) v5.20–v5.38, and USG20(W)-VPN v5.20–v5.38. It allows an unauthenticated attacker to cause DoS by sending crafted packets, with network attack vector an...