Monthly
Query processing delays in dnsdist's DoH3 (DNS over HTTPS/3) implementation allow unauthenticated remote attackers to partially degrade DNS resolution availability by sending crafted GET requests containing invalid HTTP/3 DATA frames. Affected deployments are limited to those with DoH3 explicitly enabled; the CVSS score of 3.7 reflects high attack complexity and only a low availability impact. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded app...
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Query processing delays in dnsdist's DoH3 (DNS over HTTPS/3) implementation allow unauthenticated remote attackers to partially degrade DNS resolution availability by sending crafted GET requests containing invalid HTTP/3 DATA frames. Affected deployments are limited to those with DoH3 explicitly enabled; the CVSS score of 3.7 reflects high attack complexity and only a low availability impact. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded app...
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.