2566 matches found

OSV
added 2023/10/11 10:15 p.m., 12 views

AZL-42861 CVE-2023-39325 affecting package multus for versions less than 4.0.2-3

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS, 6.6 AI score, 0.03796 EPSS
Exploits 0, References 1
OSV
added 2023/10/11 10:15 p.m., 2 views

UBUNTU-CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS, 6.7 AI score, 0.03796 EPSS
Exploits 0, References 8
SUSE CVE
added 2023/10/11 1:47 a.m., 3 views

SUSE CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS, 7.3 AI score, 0.03796 EPSS
Exploits 0, References 23
BDU FSTEC
added 2023/10/09 12:0 a.m., 5 views

The vulnerability of the pfn_swap_entry_to_page() function in the include/linux/swapops.h module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the pfn_swap_entry_to_page function in the include/linux/swapops.h module of the Linux kernel is related to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to cause a service failure...

4.7 CVSS, 6.2 AI score, 0.00179 EPSS
Exploits 0, References 6, Affected Software 1
Code423n4
added 2023/10/06 12:0 a.m., 7 views

Race condition on timeWeightedWeeklyGlobalConcLiquidityLastSet_ can lead to incorrect rewards.

Lines of code. Vulnerability details. Impact: timeWeightedWeeklyGlobalConcLiquidityLastSet is read and written in multiple functions. If two transactions call at similar times, the state updates could overwrite each other. The timeWeightedWeeklyGlobalConcLiquidityLastSet state variable is used in...

7 AI score
Exploits 0
BDU FSTEC
added 2023/09/29 12:0 a.m., 7 views

The vulnerability of the __ip_set_put_netlink() function in the net/netfilter/ipset/ip_set_core.c module of the netfilter kernel of the Linux operating system allows a hacker to induce a service failure.

The vulnerability of the __ip_set_put_netlink function in the net/netfilter/ipset/ip_set_core.c module of the netfilter component of the Linux operating system is related to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to cause service interruptions...

4.7 CVSS, 6.4 AI score, 0.00277 EPSS
Exploits 1, References 14, Affected Software 4
Tenable Nessus
added 2023/09/27 12:0 a.m., 19 views

FreeBSD : xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions (c9ff1150-5d63-11ee-bbae-1c61b4739ac9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c9ff1150-5d63-11ee-bbae-1c61b4739ac9 advisory. - xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper...

6.5 CVSS, 5.7 AI score, 0.00728 EPSS
Exploits 0, References 4
Tenable Nessus
added 2023/09/27 12:0 a.m., 23 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-011)

The version of tomcat installed on the remote host is prior to 8.5.58-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-011 advisory. If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the...

4.3 CVSS, 6.9 AI score, 0.57286 EPSS
Exploits 0, References 4
Amazon
added 2023/09/25 12:0 a.m., 4 views

Medium: tomcat

Issue Overview: If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that...

4.3 CVSS, 6.8 AI score, 0.57286 EPSS
Exploits 0
Veracode
added 2023/09/20 10:46 a.m., 41 views

Denial Of Service

grpc is vulnerable to Denial Of Service. The vulnerability is due to improper error handling in the TCP server, which allows an attacker to initiate a number of concurrent connections with the server, leading to denial of service...

7.5 CVSS, 6.6 AI score, 0.00666 EPSS
Exploits 0, References 6, Affected Software 2
Positive Technologies
added 2023/09/18 12:0 a.m., 6 views

PT-2023-36020 · Spring · Spring

Name of the Vulnerable Software and Affected Versions: Spring (affected versions not specified). Description: The issue is related to a security exception in the org.springframework.expression.spel.ast.OpPlus.getValueInternal function. It involves the...

7 AI score
Exploits 0, References 2
OSV
added 2023/09/12 8:15 a.m., 2 views

CVE-2022-4896

Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core...

7.5 CVSS, 5.8 AI score
Exploits 0, References 1
RedHat Linux
added 2023/09/04 4:0 p.m., 2 views

Mozilla: Memory corruption in IPC FilePickerShownCallback

The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could...

6.5 CVSS, 7.2 AI score, 0.00571 EPSS
Exploits 0, References 5
CNNVD
added 2023/08/30 12:0 a.m., 4 views

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a resource management error vulnerability that stems from the fact that when creating a callback to display a color picker window via IPC, multiple identical callbacks may be created...

6.5 CVSS, 7.4 AI score, 0.00571 EPSS
Exploits 0, References 16
CNNVD
added 2023/08/30 12:0 a.m., 4 views

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a Resource Management Error vulnerability that stems from the fact that when creating callbacks via IPC to display a file chooser window, multiple identical callbacks may be created at the same...

6.5 CVSS, 7.4 AI score, 0.00571 EPSS
Exploits 0, References 16
BDU FSTEC
added 2023/08/01 12:0 a.m., 3 views

The vulnerability of the idt77252_exit() function in the drivers/atm/idt77252.c file of the ATM network driver for the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the idt77252_exit function in the drivers/atm/idt77252.c file of the ATM network driver for the Linux operating system is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to...

7 CVSS, 6.6 AI score, 0.00405 EPSS
Exploits 1, References 27, Affected Software 3
BDU FSTEC
added 2023/07/21 12:0 a.m., 4 views

The vulnerability of the nft_chain_lookup_byid() function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s netfilter packet filtering subsystem allows an attacker to escalate their privileges and compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nft_chain_lookup_byid function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s packet filtering subsystem is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker t...

7.8 CVSS, 6.5 AI score, 0.02163 EPSS
Exploits 0, References 15, Affected Software 5
OSV
added 2023/07/20 9:50 a.m., 7 views

SUSE-SU-2023:2917-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: grafana: - Update to version 9.5.5: CVE-2023-3128: Fix authentication bypass using Azure AD OAuth bsc1212641, jscPED-3694 Bug fixes: Auth: Show invite button if disable login form is set to false. Azure: Fix Kusto auto-completion for Azure datasources. RBAC...

9.8 CVSS, 8.5 AI score, 0.04094 EPSS
Exploits 1, References 7
NVD
added 2023/07/04 5:15 a.m., 19 views

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions...

8.4 CVSS, 8.6 AI score, 0.00111 EPSS
Exploits 0, References 1
Prion
added 2023/07/04 5:15 a.m., 14 views

Memory corruption

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions...

4.3 CVSS, 7.8 AI score, 0.00111 EPSS
Exploits 0, References 1