17 matches found
CVE-2026-42579
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...
urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in the urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
CVE-2024-52615
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected...
CVE-2024-52615
CVE-2024-52615 affects Avahi-daemon (DNS service discovery) with a flaw in fixed source ports for wide-area DNS queries, enabling easier DNS response injection. Public advisories (SUSE/SLE, EulerOS, MiracleLinux/openSUSE, Unity Linux, etc.) reflect remediation via security fixes (e.g., S...
CVE-2024-44097
According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. T...
Proxmox Virtual Environment Security Vulnerability
Proxmox Virtual Environment (Proxmox VE) is an open source Linux distribution for server virtualization from Proxmox. A security vulnerability exists in Proxmox Virtual Environment, which stems from insufficient protection against malicious API response values, and allows an authenticated...
go-git: Maliciously crafted Git server replies can cause DoS on go-git clients
A denial of service (DoS) vulnerability was found in the Go library go-git. This issue may allow an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...
Scrapy Security Vulnerabilities
Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of vulnerable regular expressions for parsing, where processing a malicious response may result in extreme CPU and memory usage during parsing of its content...
DEBIAN-CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...
CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...
UBUNTU-CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...
PT-2022-20063 · Hashicorp +1 · Go-Getter +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier, 2.0.2 and earlier; HashiCorp go-getter versions up to 2.0.2. Description: The issue allows for arbitrary host access via path traversal, symlink processing, and command injection flaws. It also...
Sun & Moon Rise Shockwall System Input Validation Error Vulnerability
The Sun & Moon Rise Shockwall System is a computer endpoint protection system from Sun & Moon Rise, a Chinese company. It has a security vulnerability that could be exploited to send malicious responses to servers to partially disrupt service...
CVE-2019-3979
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker-controlled DNS server can poison the router's...
Microsoft Windows DNS Insufficient Socket Entropy (MS08-037) - High Confidence (CVE-2008-1447)
There exists a DNS Cache Poisoning vulnerability in Microsoft DNS servers and clients. A remote attacker can exploit this vulnerability to poison the DNS cache by sending malicious responses to DNS requests, thereby redirecting Internet traffic to illegitimate sites. In a successful attack case,...
Microsoft Windows DNS Insufficient Socket Entropy (MS08-037; CVE-2008-1447)
There exists a DNS Cache Poisoning vulnerability in Microsoft DNS servers and clients. A remote attacker can exploit this vulnerability to poison the DNS cache by sending malicious responses to DNS requests, thereby redirecting Internet traffic to illegitimate sites. In a successful attack case,...
Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability
Overview: Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage. Impact: The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend W...