2566 matches found
AZL-42861 CVE-2023-39325 affecting package multus for versions less than 4.0.2-3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
UBUNTU-CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
SUSE CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
The vulnerability of the pfn_swap_entry_to_page() function in the include/linux/swapops.h module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the pfnswapentrytopage function in the include/linux/swapops.h module of the Linux kernel is related to concurrent access to resources race condition. Exploiting this vulnerability could allow a attacker to cause a service failure...
Race condition on timeWeightedWeeklyGlobalConcLiquidityLastSet_ can lead to incorrect rewards.
Lines of code Vulnerability details Impact timeWeightedWeeklyGlobalConcLiquidityLastSet is read and written in multiple functions. If two transactions call at similar times, the state updates could overwrite each other. The timeWeightedWeeklyGlobalConcLiquidityLastSet state variable is used in...
The vulnerability of the __ip_set_put_netlink() function in the net/netfilter/ipset/ip_set_core.c module of the netfilter kernel of the Linux operating system allows a hacker to induce a service failure.
The vulnerability of the ipsetputnetlink function in the net/netfilter/ipset/ipsetcore.c module of the netfilter component of the Linux operating system is related to concurrent access to resources race condition. Exploiting this vulnerability could allow a attacker to cause service interruptions...
FreeBSD : xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions (c9ff1150-5d63-11ee-bbae-1c61b4739ac9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c9ff1150-5d63-11ee-bbae-1c61b4739ac9 advisory. - xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-011)
The version of tomcat installed on the remote host is prior to 8.5.58-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-011 advisory. If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the...
Medium: tomcat
Issue Overview: If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that...
Denial Of Service
grpc is vulnerable to Denial Of Service. The vulnerability is due to improper error handling in TCP server which allows an attacker to initiate number of concurrent connections with the server leading to denial of service...
PT-2023-36020 · Spring · Spring
Name of the Vulnerable Software and Affected Versions: Spring versions affected versions not specified Description: The issue is related to a security exception in the org.springframework.expression.spel.ast.OpPlus.getValueInternal function. It involves the...
CVE-2022-4896
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core...
Mozilla: Memory corruption in IPC FilePickerShownCallback
The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...
Mozilla Firefox 资源管理错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a resource management error vulnerability that stems from the fact that when creating a callback to display a color picker window via IPC, multiple identical callbacks may be created...
Mozilla Firefox 资源管理错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a Resource Management Error vulnerability that stems from the fact that when creating callbacks via IPC to display a file chooser window, multiple identical callbacks may be created at the same...
The vulnerability of the idt77252_exit() function in the drivers/atm/idt77252.c file of the ATM network driver for the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the idt77252exit function in the drivers/atm/idt77252.c file of the ATM network driver for the Linux operating system is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the nft_chain_lookup_byid() function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s netfilter packet filtering subsystem allows a attacker to escalate their privileges and compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the nftchainlookupbyid function in the net/netfilter/nftablesapi.c module of the Linux kernel’s packet filtering subsystem is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker t...
SUSE-SU-2023:2917-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Update to version 9.5.5: CVE-2023-3128: Fix authentication bypass using Azure AD OAuth bsc1212641, jscPED-3694 Bug fixes: Auth: Show invite button if disable login form is set to false. Azure: Fix Kusto auto-completion for Azure datasources. RBAC...
CVE-2023-21672
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions...
Memory corruption
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions...