45 matches found

Cvelist
added 2026/06/09 4:3 p.m., 31 views

CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

EPSS 0.00684
Exploits: 0, References: 4

CNNVD
added 2026/06/09 12:0 a.m., 7 views

OpenSSL Improper Exception Handling Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 7.5, AI score 5.9, EPSS 0.00684
Exploits: 0, References: 4

Snyk
added 2026/03/11 2:49 p.m., 1 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the workflowtemplateserver and clusterworkflowtemplateserver components. An attacker can obtain sensitive information, such as embedded secrets and resource manifests, by sending unauthorized requests with a...

CVSS 9.8, AI score 5.8, EPSS 0.00475
Exploits: 1, References: 2

Snyk
added 2026/03/09 7:52 p.m., 2 views

Improper Control of Interaction Frequency

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency via the hooks HTTP handler. An attacker can cause temporary lockout of legitimate webhook delivery by sending repeated non-POST requests with...

CVSS 6.9, AI score 5.8
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2010-1350

Malware in sbrugna...

CVSS 6.8, AI score 6, EPSS 0.06884
Exploits: 2, References: 71

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-16353

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.6, EPSS 0.00486
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 2:20 a.m., 7 views

CVE-2023-38367

IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...

CVSS 6.5, AI score 6.6, EPSS 0.00341
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:47 a.m., 1 views

CVE-2024-27308

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...

CVSS 7.5, AI score 7.5, EPSS 0.00889
Exploits: 0, References: 1

BDU FSTEC
added 2025/01/17 12:0 a.m., 4 views

A vulnerability in the rsyncd utility of the Rsync file transfer and synchronization tool allows an attacker to gain unauthorized access to protected information.

The vulnerability in the rsyncd utility of the Rsync file transfer and synchronization tool involves the generation of invalid tokens and checksums during the copying process. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 6.1, AI score 7.3, EPSS 0.72059
Exploits: 5, References: 19, Affected Software: 7

OSV
added 2024/11/04 10:15 p.m., 5 views

AZL-52198 CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1, AI score 6.5, EPSS 0.00521
Exploits: 0, References: 1

OSV
added 2024/11/04 10:15 p.m., 5 views

AZL-52230 CVE-2024-51744 affecting package coredns for versions less than 1.11.1-18

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1, AI score 6.5, EPSS 0.00521
Exploits: 0, References: 1

OSV
added 2024/11/04 10:15 p.m., 4 views

AZL-52195 CVE-2024-51744 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1, AI score 6.5, EPSS 0.00521
Exploits: 0, References: 1

OSV
added 2024/11/04 10:15 p.m., 4 views

AZL-52248 CVE-2024-51744 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-25

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1, AI score 6.5, EPSS 0.00521
Exploits: 0, References: 1

Cvelist
added 2024/11/04 9:47 p.m., 18 views

CVE-2024-51744 Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1, EPSS 0.00521
Exploits: 0, References: 2

Positive Technologies
added 2024/11/04 12:0 a.m., 6 views

PT-2024-34877

Name of the Vulnerable Software and Affected Versions: golang-jwt versions prior to 4.5.1. Description: The issue arises from unclear documentation of the error behavior in ParseWithClaims, potentially leading to situations where users do not properly check errors. Specifically, if a token is both...

CVSS 10, AI score 8.4, EPSS 0.97781
Exploits: 33, References: 230

CNNVD
added 2024/05/29 12:0 a.m., 5 views

JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A denial of service vulnerability exists in...

CVSS 7.5, AI score 7, EPSS 0.00382
Exploits: 0, References: 2

SUSE CVE
added 2024/04/23 1:44 a.m., 3 views

SUSE CVE-2024-27308

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...

CVSS 9.1, AI score 6.9, EPSS 0.00889
Exploits: 0, References: 3

OSV
added 2024/03/06 8:15 p.m., 6 views

AZL-61991 CVE-2024-27308 affecting package tardev-snapshotter 3.2.0.tardev1-6

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...

CVSS 9.1, AI score 7, EPSS 0.00889
Exploits: 0, References: 1

RustSec
added 2024/03/04 12:0 p.m., 7 views

Tokens for named pipes may be delivered after deregistration

Impact: When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be...

CVSS 9.1, AI score 7, EPSS 0.00889
Exploits: 0, Affected Software: 1

Positive Technologies
added 2024/03/04 12:0 a.m., 6 views

PT-2024-21810

Name of the Vulnerable Software and Affected Versions: mio versions 0.7.2 through 0.8.10; Tokio versions 1.30.0 and later, when used with a vulnerable version of mio. Description: The issue occurs when using named pipes on Windows, where mio may return invalid tokens corresponding to named pipes that...

CVSS 9.1, AI score 7.8, EPSS 0.00889
Exploits: 0, References: 14