Lucene search
K

121 matches found

OSV
OSV
added 2025/10/13 7:59 p.m.20 views

GHSA-4P3P-CR38-V5XP Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...

5.3CVSS7.1AI score0.0053EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/10/13 7:59 p.m.8 views

Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...

7.5CVSS7.1AI score0.0053EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41805

Name of the Vulnerable Software and Affected Versions Omni versions prior to 1.1.5 Omni version 1.0.2 Description Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and...

7.5CVSS6.4AI score0.0053EPSS
Exploits1References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0395

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.00864EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2633

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00765EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6183

Malicious code in bioql PyPI...

5.7CVSS5.7AI score0.00761EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-7668

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01116EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2245

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.03228EPSS
Exploits0References16
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.33 views

DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error

We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error figures 9.1 and 9.2. This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug. golang...

6.9CVSS7.1AI score0.00293EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2025/08/21 5:1 p.m.8 views

CVE-2025-8402 Nil pointer dereference in bulk import crashes server

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9CVSS0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 5:1 p.m.2 views

CVE-2025-8402 Nil pointer dereference in bulk import crashes server

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...

4.9CVSS7AI score0.00299EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/05 3:9 a.m.4 views

Null Pointer Dereference

github.com/quic-go/quic-go is vulnerable to a Nil-Pointer Dereference. The vulnerability is due to improper handling of ACKs for path probe packets, where they are crafted and sent by a malicious client in a way that triggers the nil-pointer dereference in the server's loss recovery logic, It...

7.5CVSS6.5AI score0.00402EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/03 6:9 a.m.8 views

quic-go Has Panic in Path Probe Loss Recovery Handling

Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...

7.5CVSS6.7AI score0.00402EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/02 12:13 p.m.6 views

CVE-2025-29785

A flaw was found in quic-go. This vulnerability allows a malicious QUIC client to cause a nil-pointer dereference, leading to an application-level denial of service via specially crafted ACK packets following spoofed path validation probes. Mitigation Mitigation for this issue is either not...

7.5CVSS6.6AI score0.00402EPSS
Exploits0References6
NVD
NVD
added 2025/06/02 11:15 a.m.18 views

CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS0.00402EPSS
Exploits0References3
CVE
CVE
added 2025/06/02 10:44 a.m.55 views

CVE-2025-29785

CVE-2025-29785 affects quic-go. The vulnerability stems from the loss recovery logic for path probe packets added in v0.50.0, which can trigger a nil-pointer dereference when a malicious QUIC client sends specific crafted ACKs after starting from multiple remote addresses and allowing path probe ...

7.5CVSS7.5AI score0.00402EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/02 10:44 a.m.15 views

CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS5.3AI score0.00402EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/02 10:44 a.m.26 views

CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS0.00402EPSS
Exploits0References3
OSV
OSV
added 2025/06/02 10:44 a.m.4 views

CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

7.5CVSS6.6AI score0.00402EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.3 views

PT-2025-23490 · Quic-Go +1 · Quic-Go +1

Name of the Vulnerable Software and Affected Versions: quic-go versions 0.50.0 Description: The loss recovery logic for path probe packets in quic-go can be exploited by a malicious QUIC client to trigger a nil-pointer dereference. This is achieved by sending valid QUIC packets from different...

7.5CVSS6.2AI score0.00402EPSS
Exploits0References21
Rows per page
Query Builder