quic-go data forgery vulnerability
quic-go is an implementation of the QUIC protocol (RFC 9000) in Go by Lucas Clemente, an individual developer. A data forgery vulnerability exists in versions of quic-go prior to v0.48.1, which stems from the mishandling of ICMP Packet Too Large messages, and could allow an out-of-path...
UBUNTU-CVE-2024-11701
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...
kernel: vsock: remove vsock from connected table when connect is interrupted by a signal
A vulnerability was found in the Linux kernel's vsock subsystem's vsock_stream_connect function where improper handling of the socket state can lead to the connected table's list being corrupted. This occurs when a signal interrupt occurs and resets the socket's state without removing it from the...
The vulnerability of SINEC INS network infrastructure management software lies in the insufficient control over the size of log files created during operations. This allows attackers to trigger service interruptions.
The vulnerability of the SINEC INS network infrastructure management software is related to insufficient control over the size of the log files created. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the CopyCoder component of the 7-Zip archiver allows an attacker to trigger a service failure.
The vulnerability of the CopyCoder component in the 7-Zip archiver is related to insufficient memory allocation for operations. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Exploit for Classic Buffer Overflow in Qnap Qts
CVE-2024-27130-poc: CVE-2024-27130 is a serious vulnerability...
The vulnerabilities of the s390/bpf components of the Linux operating system’s kernel allow attackers to trigger service interruptions.
The vulnerability of the s390/bpf components of the Linux operating system’s kernel is related to a NULL pointer dereference. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Palo Alto Networks’ operating system PAN-OS, related to a NULL pointer dereference, allows an attacker to trigger a service failure.
The vulnerability of Palo Alto Networks’ PAN-OS operating system relates to a NULL pointer dereference. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the OSPFv2 network protocol implementation in the Cisco IOS XE operating system allows an attacker to cause a service failure.
The vulnerability of the OSPFv2 network protocol implementation in Cisco IOS XE operating systems is related to improper cleanup or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the firmware CGI interface of Zyxel’s GS1900 series routers allows an attacker to cause a service failure.
The vulnerability of the firmware CGI interface of Zyxel’s GS1900 series routers lies in the execution of operations outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability in the implementation of the SMB protocol in Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the SMB protocol implementation in Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...
The vulnerability of the Zelio Soft 2 software for intelligent relays, related to incorrect validation of entered data, allows a perpetrator to cause service interruptions.
The vulnerability of the Zelio Soft 2 software for intelligent relays from Zelio Logic relates to incorrect validation of entered data. Exploiting this vulnerability can allow an attacker to cause a service failure by loading a specially crafted project file...
The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...
Vulnerability of Linux operating system’s kernel components related to memory failures, allowing attackers to cause service interruptions
The vulnerability of the mm/memory-failure components of the Linux operating system’s kernel is related to improper locking in the page_handle_poison function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside the buffer in memory, allowing an attacker to cause a service failure.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory during JIT-compilation. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerabilities of the AppleTalk and RELOAD Framing dissectors of the Wireshark traffic analyzer allow attackers to cause service failures.
The vulnerability of the AppleTalk and RELOAD Framing dissectors of the Wireshark network traffic analyzer is related to incorrect handling of missing values. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the Raft Consensus Algorithm, a data distribution algorithm used in the Integrated Storage platform of HashiCorp’s Vault and Vault Enterprise, allows a hacker to trigger a service failure.
The vulnerability of the Raft Consensus Algorithm, a data distribution algorithm used in the Integrated Storage platform of HashiCorp’s Vault and Vault Enterprise, involves unlimited resource consumption due to incorrect node attachment to the cluster. Exploiting this vulnerability can allow an...
Vulnerability of the Server: Pluggable Auth component of the Oracle MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the Server: Pluggable Auth component of the Oracle MySQL Server database management system involves improper cleanup or release of resources. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...
Cross-site Scripting (XSS)
Overview: OctoPrint is a snappy web interface for your 3D printer. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Jinja2 template system. An attacker can retrieve or modify sensitive configuration settings, interrupt prints, or otherwise interact with the...