182 matches found
CVE-2023-46673
A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Mitigation No mitigation is yet available for this flaw...
GHSA-285M-VHFQ-XX4H Elasticsearch Improper Handling of Exceptional Conditions
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
Elasticsearch Improper Handling of Exceptional Conditions
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
Code injection
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
Elasticsearch Security Vulnerabilities
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from the use of misformatted scripts in the script handler of the ingestion pipeline, which causes nodes to crash...
CVE-2023-46239 quic-go vulnerable to pointer dereference that can lead to panic
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...
mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...
mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...
nodejs: process interuption due to invalid Public Key information in x509 certificates
A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...
Sails.js 安全漏洞
Sails.js is a Node.js-based web application framework from Sails, Inc. in the United States. A security vulnerability exists in Sails.js versions prior to 1.5.7, which originates in a Sails application, where an attacker can send a virtual request that causes the node process to crash...
PT-2023-3652 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 versions 2 Description: The issue is related to errors in resource release, which can be exploited to cause a denial of service. A malicious user can potentially exploit this issue remotely, leading to a crash of the ROS2 nodes...
GHSA-CQMJ-92XF-R6R9 Insufficient validation when decoding a Socket.IO packet
Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. TypeError: Cannot convert object to primitive value at Socket.emit node:events:507:25 at .../nodemodules/socket.io/lib/socket.js:531:14 Patches A fix has been...
AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
PT-2022-36714 · Apple · Apfs
Name of the Vulnerable Software and Affected Versions: APFS affected versions not specified Description: The issue is related to a crash type of UNKNOWN READ in the APFSJObjBtreeNode::find function. The crash state involves the APFSBtreeNodeIterator and APFSJObjTree::obj. No information is provid...
ZEIT Next.js 代码问题漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the fact that when a specific request is sent to the Next.js server, it may cause an unhandledRejection in the server,...
Denial Of Service (DoS)
github.com/hyperledger/fabric is vulnerable to denial of service DoS attacks. Lack of validations in getChannelAndChaincodeFromSignedProposal function may cause a peer node crash when a gateway client application sends a malformed request to a gateway peer...
CVE-2022-36023
CVE-2022-36023 affects Hyperledger Fabric (gateway component). A malformed gateway request to a gateway peer can cause the peer to crash. The issue is addressed by upgrading to version 2.4.6, which implements input validation and returns an error to the gateway client instead of crashing. No publ...
GHSA-72X4-CQ6R-JP4P Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request
Impact If a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. This fix checks for the malformed consensus request and returns an error to the consensus client. Specific Go Packages Affected github.com/hyperledger/fabric/orderer/common/cluster Patche...