14 matches found
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoided data corruption caused by decline. We identified a data corruption issue during testing of SMC-R in Redis applications. The benchmark has a low probability of reporting a strange error, as shown below: “Error:...
PT-2026-2507
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's networking subsystem related to handshake cancellations. Specifically, duplicate cancellation requests for the same handshake request can lead to a...
EUVD-2023-40423
Malicious code in bioql PyPI...
CVE-2024-8061
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...
DEBIAN-CVE-2023-52775
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
CVE-2023-52775 net/smc: avoid data corruption caused by decline
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
F5 BIG-IP Next 安全漏洞
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP SSL that originates from an attacker being able to cause the Traffic...
April 9, 2024—KB5036910 (OS Build 25398.830)
April 9, 2024—KB5036910 OS Build 25398.830 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
SUSE CVE-2020-13849
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...
ZEIT Next.js 代码问题漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js is the authentication for Next.js. A code issue vulnerability exists in Next.js NextAuth.js versions prior to 3.29.5 and prior to 4.5.0 that stems from a lack of validati...
CVE-2020-13849
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service loss of the ability to establish new connections, as demonstrated by SlowITe...
Node.js: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests
Summary: Node.js is vulnerable to HTTP denial of service DOS attacks based on delayed requests submission which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...
Nmap NSE net: ms-sql-tables
Queries Microsoft SQL Server ms-sql for a list of tables per database. The sysdatabase table should be accessible by more or less everyone The script attempts to use the sa account over any other if it has the password in the registry. If not the first account in the registry is used. Once we hav...
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marke...