283 matches found
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
K000140528: BIND vulnerability CVE-2024-0760
Security Advisory Description A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions...
CVE-2024-0760 A flood of DNS messages over TCP may make the server unstable
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0...
CVE-2024-0760 A flood of DNS messages over TCP may make the server unstable
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0...
CVE-2024-0760
CVE-2024-0760 affects ISC BIND 9, specifically versions 9.18.1–9.18.27, 9.19.0–9.19.24, and 9.18.11-S1–9.18.27-S1. Description: a malicious client can flood the server with DNS messages over TCP, potentially destabilizing the server; recovery is possible after the attack stops. Impact is availabi...
UBUNTU-CVE-2024-0760
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0...
URL Rewrite
zendframework/zendframework is vulnerable to URL Rewrite. The vulnerability is due to the request URI marshaling logic that introspects HTTP request headers specific to server-side URL rewrite mechanisms. When these headers are present on systems not running the specific URL rewriting mechanism,...
Medium: iperf3
Issue Overview: It is possible for a malicious or malfunctioning client to send less than the expected amount of data to the server. If this happens, the server will hang indefinitely waiting for the remainder or until the connection gets closed. Because iperf3 is deliberately designed to service...
Amazon Linux 2 : iperf3 (ALAS-2024-2579)
The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2579 advisory. It is possible for a malicious or malfunctioning client to send lessthan the expected amount of data to the server. If this happens,...
Zend-Diactoros URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
GHSA-JMMP-VH96-78RM Zend-Feed URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Zend-Feed URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
GHSA-CG8W-5JRC-675G Zend-HTTP URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
Zend-HTTP URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
GHSA-FH7R-58Q4-6387 Zendframework URL Rewrite vulnerability
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
CVE-2024-5000 CODESYS: Incorrect calculation of buffer size can cause DoS on CODESYS OPC UA products
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size...
moby/buildkit: Possible race condition with accessing subpaths from cache mounts
A vulnerability was found in the Moby Builder Toolkit. A malicious BuildKit client or any frontend that can craft a request could lead to the BuildKit daemon crashing with a panic due to the lack of input validation. A frontend is usually specified as the syntax line on a Dockerfile or with the...
Amazon Linux 2 : edk2 (ALAS-2024-2539)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2539 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to...
Fedora 40 : doctl (2023-72ab10f1de)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-72ab10f1de advisory. Automatic update for doctl-1.101.0-2.fc40. Changelog Sat Dec 9 2023 Mikel Olasagasti Uranga - Update to 1.101.0 - Closes rhbz2253730 rhbz2248265 Tenable has...
CVE-2023-49275
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with th...