17 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-15711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 5.5, which...
CVE-2026-15711 Libsoup: soupwebsocketconnection: libsoup: websocket remote denial of service via oversized control frame protocol violation
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...
CVE-2026-15711
The CVE describes a vulnerability in libsoup’s WebSocket frame parsing. The flaw stems from failing to validate length rules for WebSocket control frames as specified in RFC 6455 §5.5, allowing an oversized control frame to be sent by a remote, unauthenticated attacker. The parser does not termin...
CVE-2026-15711
A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...
PT-2026-58723
Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description An issue exists in the WebSocket frame parsing implementation where the library fails to validate length rules defined in RFC 6455 §5.5. This standard requires that all WebSocket control...
jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
RHEL 9 : Red Hat Product OCP Tools 4.17 OpenShift Jenkins (RHSA-2025:16456)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16456 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...
SUSE CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...
CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-54500 HTTP/2 Vulnerability
An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2025-33005
Name of the Vulnerable Software and Affected Versions: Affected versions not specified Description: An implementation flaw in HTTP/2 can lead to a denial-of-service DoS condition. This occurs through the use of malformed HTTP/2 control frames, which disrupt the maximum concurrent streams limit,...
WPAxFuzz - A Full-Featured Open-Source Wi-Fi Fuzzer
This tool is capable of fuzzing either any management, control or data frame of the 802.11 protocol or the SAE exchange. For the management, control or data frames, you can choose either the "standard" mode where all of the frames transmitted have valid size values or the "random" mode where the...
SUSE CVE-2015-1142857
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before...
The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure
The vulnerability of the Cisco IOS operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending IEEE 802.3x control frames remotely...
Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)
!/usr/bin/perl -w udp IAX protocol fuzzer Created: Blake Cornell Exploits found with this code can be found at http://www.securityscraper.com/ Released under the VoIPER project Do not hesitate to show enthusiasm and support and help develop this further. use strict; use IO::Socket; use...
FreeBSD IEEE 802.11 wireless network buffer overflow
Buffer overflow on parsing IEEE 802.11 control frames...