
14 matches found

ATTACKERKB
added 2026/05/13 8:28 a.m. | 7 views

CVE-2026-7009

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine...

5.8 AI score | 0.00013 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Debian CVE
added 2025/12/08 12:46 a.m. | 2 views

CVE-2025-40326

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define actions for the new timedeleg FATTR4 attributes NFSv4 clients won't send legitimate GETATTR requests for these new attributes because they are intended to be used only with CBGETATTR and SETATTR. But NFSD has to do...

5.2 AI score | 0.00026 EPSS
Exploits: 0
PyPA
added 2024/11/22 8:15 p.m. | 7 views

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

5.3 CVSS | 5.8 AI score | 0.00278 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/11/22 8:15 p.m. | 1 views

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

5.3 CVSS | 5.8 AI score | 0.00278 EPSS
Exploits: 0 | References: 3
OSV
added 2024/11/22 7:58 p.m. | 3 views

CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

5.3 CVSS | 6.6 AI score | 0.00278 EPSS
Exploits: 0 | References: 5
Code423n4
added 2023/09/27 12:00 a.m. | 8 views

AfEth deposits could use price data from an invalid Chainlink response

Lines of code Vulnerability details Summary The current price implementation for the VotiumStrategy token uses a potentially invalid Chainlink response. This price is then used to calculate the price of AfEth and, subsequently, the amount of tokens to mint while depositing. Impact The price of...

6.9 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 4:06 a.m. | 1 views

SUSE CVE-2019-18838

An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An...

7.5 CVSS | 9.2 AI score | 0.00099 EPSS
Exploits: 1 | References: 10
Oracle linux
added 2020/06/24 12:00 a.m. | 60 views

ntp security update

4.2.6p5-29.0.1 - Bump release to avoid ULN conflict with Oracle modified errata. 4.2.6p5-29.el78.2 - don't update transmission time on invalid response CVE-2020-11868 - randomize transmit timestamp in client requests CVE-?, 1813787...

7.5 CVSS | 1.9 AI score | 0.01497 EPSS
Exploits: 0
CNVD
added 2018/12/19 12:00 a.m. | 2 views

OpenStack Keystone Information Disclosure Vulnerability (CNVD-2018-25881)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Keystone is one of the projects used for authentication, providing identity, token, directory, and policy services. A security vulnerability...

5.3 CVSS | 6.8 AI score | 0.00194 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2018/08/17 12:00 a.m. | 56 views

RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 4 (RHSA-2018:2469)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2469 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

9.8 CVSS | 7.8 AI score | 0.61177 EPSS
Exploits: 0 | References: 10
Apache Tomcat
added 2018/07/31 12:00 a.m. | 34 views

Fixed in Apache Tomcat Native Connector 1.2.17

Moderate: Mishandled OCSP invalid response CVE-2018-8019 When using an OCSP responder Tomcat Native did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates...

7.4 CVSS | 7.2 AI score | 0.01502 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2007/04/26 8:19 p.m. | 7 views

CVE-2007-2297

The SIP channel driver chansip in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service crash...

6.3 AI score
Exploits: 0 | References: 10
Cvelist
added 2005/02/13 5:00 a.m. | 11 views

CVE-2004-1435

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.60 and 4.61, 4.5x, 4.10 to 4.13, 4.00 to 4.02, and earlier versions, allows remote attackers to cause a denial of service control card reset via a large number of TCP connections with an invalid response instead of th...

6.6 AI score | 0.01191 EPSS
Exploits: 0 | References: 5
Exploit DB
added 2004/06/04 12:00 a.m. | 25 views

Colin McRae Rally 2004 - Multiplayer Denial of Service

source: https://www.securityfocus.com/bid/10464/info It is reported that Colin McRae Rally 2004 has a flaw handling server responses when entering the multiplayer menu of the game. When entering the multiplayer menu, the game client sends a broadcast message requesting information from all server...

7.4 AI score
Exploits: 0