4 matches found
BIT-NGINX-GATEWAY-2024-31079 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...
PT-2023-31554 · Unknown · Activeadmin
Name of the Vulnerable Software and Affected Versions: ActiveAdmin versions prior to 2.12.0
Description: A concurrency issue in ActiveAdmin allows a malicious actor to access potentially private data belonging to another user by making CSV export requests at specific times. The issue is caused by...
Mars: 0 Click account takeover via timed requests to ███████forgot-password (single-packet attack)
A vulnerability was present in the forgot password functionality of the platform. By sending carefully timed requests, an attacker was able to obtain the password reset token for any account using only the victim's email address...
PT-2019-18368 · Schneider Electric · Modicon M580
Name of the Vulnerable Software and Affected Versions: Modicon M580 versions prior to V2.80
Description: A vulnerability exists that could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. This issue is related to an uncaught exception...