82 matches found
Authentication Bypass
Spring gRPC is vulnerable to Authentication Bypass. The vulnerability is due to improper clearing of the authenticated security context on gRPC worker threads, where a previously authenticated identity may persist after an access denial and be reused by a subsequent request, potentially leading t...
JLSEC-2026-35
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
Important: Red Hat Security Advisory: yggdrasil security update
An update for yggdrasil is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
EUVD-2010-4017
Malware in sbrugna...
EUVD-2007-3293
Malware in sbrugna...
EUVD-2012-2848
Malware in sbrugna...
EUVD-2024-34467
Malicious code in bioql PyPI...
EUVD-2024-35232
Malicious code in bioql PyPI...
EUVD-2024-22351
Malicious code in bioql PyPI...
RLSA-2025:7592 Important: yggdrasil security update
yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fixes: yggdrasil: Local privilege escalation in yggdrasi...
CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
Linux Distros Unpatched Vulnerability : CVE-2021-42717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web serve...
BIT-NGINX-2024-24989 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
BIT-NGINX-2024-24990 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
BIT-NGINX-2024-31079 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...
Internet Bug Bounty: CVE-2024-31079 in nginx
CVE-2024-31079 was discovered in the NGINX HTTP/3 QUIC module. When NGINX Plus or NGINX OSS were configured to use this module, undisclosed HTTP/3 requests could cause NGINX worker processes to terminate or experience other potential impact. The vulnerability was classified as a stack-based buffe...
Internet Bug Bounty: CVE-2024-32760 in nginx
CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...
CVE-2024-35200
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker using a specially crafted QUIC session to trigger a NULL pointer dereference error, causing worker processes to crash and lead to a denial of service. Mitigation Mitigation for this issue is either not available...
CVE-2024-31079
A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 requests can trigger a stack-based buffer overflow, causing worker processes to crash and lead to a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...
CVE-2024-35200
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...