133 matches found
CVE-2025-23323
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service...
CVE-2025-23324
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service...
NVIDIA Triton Inference Server 数字错误漏洞
NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A denial of service vulnerability exists in NVIDIA Triton Inference Server, which stems from an invalid request that could result in a...
PT-2025-32583 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. This allows attackers to crash the plugin by repeatedly sending requests with invalid bodie...
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...
GHSA-356W-63V5-8WF4 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2024-12761
A Denial of Service DoS vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. The vulnerability is present in the /api/stablestudio/generate endpoint, which can be exploited by sending an invalid request. This causes the server process to terminate abruptly, outputting...
CVE-2024-12761 Denial of Service in brycedrennan/imaginairy
A Denial of Service DoS vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. The vulnerability is present in the /api/stablestudio/generate endpoint, which can be exploited by sending an invalid request. This causes the server process to terminate abruptly, outputting...
CVE-2024-12761
The CVE-2024-12761 DoS affects imaginAIry (brycedrennan/imaginairy), v15.0.0. The vulnerability exists in the /api/stablestudio/generate endpoint and is triggered by sending an invalid request, causing the server process to terminate with KILLED and making the service unavailable. Connected docum...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...
DEBIAN-CVE-2024-41072
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check whether number of channels passed via 'ioctlsock, SIOCSIWSCAN, ...' doesn't exceed IWMAXFREQUENCIES and reject invalid request with...
UBUNTU-CVE-2024-41072
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check whether number of channels passed via 'ioctlsock, SIOCSIWSCAN, ...' doesn't exceed IWMAXFREQUENCIES and reject invalid request with...
CVE-2021-47170
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in...
The vulnerability of the Bluetooth module of the EMUI operating system of HarmonyOS allows a hacker to disclose protected information.
The vulnerability of the Bluetooth module of the EMUI operating system of HarmonyOS is related to the lack of checks for the validity of incoming requests. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this system...
Oracle Linux 7 : mod_auth_openidc (ELSA-2019-2112)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2112 advisory. - Resolves: rhbz1626297 - CVE-2017-6413 modauthopenidc: OIDCCLAIM and OIDCAuthNHeader not skipped in an 'AuthType oauth20' configuration rhel-7 Tenable...
GO-2023-1941 Panic when handling invalid request in MITM mode in github.com/elazarl/goproxy
An invalid request can cause a panic when running in MITM mode...
GO-2023-1923 Panic when handling invalid HAProxy PROXY v2 request in github.com/mastercactapus/proxyprotocol
Panic when handling invalid HAProxy PROXY v2 request in github.com/mastercactapus/proxyprotocol...
CVE-2023-20162
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...
CVE-2023-20161
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...