121 matches found
GHSA-4P3P-CR38-V5XP Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...
PT-2025-41805
Name of the Vulnerable Software and Affected Versions Omni versions prior to 1.1.5 Omni version 1.0.2 Description Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and...
EUVD-2024-0395
Malicious code in bioql PyPI...
EUVD-2023-2633
Malicious code in bioql PyPI...
EUVD-2022-6183
Malicious code in bioql PyPI...
EUVD-2022-7668
Malicious code in bioql PyPI...
EUVD-2022-2245
Malicious code in bioql PyPI...
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error
We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error figures 9.1 and 9.2. This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug. golang...
CVE-2025-8402 Nil pointer dereference in bulk import crashes server
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...
CVE-2025-8402 Nil pointer dereference in bulk import crashes server
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.0, 10.9.x = 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature...
Null Pointer Dereference
github.com/quic-go/quic-go is vulnerable to a Nil-Pointer Dereference. The vulnerability is due to improper handling of ACKs for path probe packets, where they are crafted and sent by a malicious client in a way that triggers the nil-pointer dereference in the server's loss recovery logic, It...
quic-go Has Panic in Path Probe Loss Recovery Handling
Impact The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses thereby triggering the newly adde...
CVE-2025-29785
A flaw was found in quic-go. This vulnerability allows a malicious QUIC client to cause a nil-pointer dereference, leading to an application-level denial of service via specially crafted ACK packets following spoofed path validation probes. Mitigation Mitigation for this issue is either not...
CVE-2025-29785
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785
CVE-2025-29785 affects quic-go. The vulnerability stems from the loss recovery logic for path probe packets added in v0.50.0, which can trigger a nil-pointer dereference when a malicious QUIC client sends specific crafted ACKs after starting from multiple remote addresses and allowing path probe ...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...
PT-2025-23490 · Quic-Go +1 · Quic-Go +1
Name of the Vulnerable Software and Affected Versions: quic-go versions 0.50.0 Description: The loss recovery logic for path probe packets in quic-go can be exploited by a malicious QUIC client to trigger a nil-pointer dereference. This is achieved by sending valid QUIC packets from different...