CVE-2024-50694

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow...

Rocket.Chat 授权问题漏洞

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an authorization issue vulnerability that stems from the fact that editing a message can change the original timestamp, causing the UI to display the messages in the wrong order. An attacker could use this vulnerability to...

BalaBit IT Security syslog-ng NULL指针引用拒绝服务漏洞

BalaBit IT Security syslog-ng是一款系统日志记录工具, 可用于替代标准的Unix系统日志记录程序syslogd。 syslog-ng处理消息时间戳存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 如果入站消息的时间戳不以空格字符结尾，就会导致NULL指针引用而造成应用程序崩溃。 Balabit syslog-ng 2.1.7 Balabit syslog-ng 2.1.6 Balabit syslog-ng 2.1.5 Balabit syslog-ng 2.1.4 Balabit syslog-ng 2.1.3 Balabit syslog-ng...