293 matches found
CVE-2025-8671
A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...
CVE-2025-8671
A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...
Vulnerabilities fixed in Zoom Clients
Zoom has fixed vulnerabilities in Zoom Clients Specifically versions for Linux, Windows, iOS and macOS. The vulnerabilities include incorrect certificate validation in Zoom Workplace for Linux, a buffer overflow in specific Zoom Clients for Windows, cross-site scripting in Zoom Clients for Window...
undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...
undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...
CVE-2025-38040
In the Linux kernel, the following vulnerability has been resolved: serial: mctrlgpio: split disablems into sync and nosync APIs The following splat has been observed on a SAMA5D27 platform using atmelserial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 inatomic: ...
Securing AI Agents with Information-Flow Control
As AI agents become increasingly autonomous and capable, ensuring their security against vulnerabilities such as prompt injection becomes critical. This paper explores the use of information-flow control IFC to provide security guarantees for AI agents. We present a formal model to reason about t...
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
Would you expect an end user to log on to a cybercriminal's computer, open their browser, and type in their usernames and passwords? Hopefully not! But that's essentially what happens if they fall victim to a Browser-in-the-Middle BitM attack. Like Man-in-the-Middle MitM attacks, BiTM sees...
CVE-2021-0442
In updateInfo of androidhardwareinputInputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-20107
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low...
CVE-2019-17243
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEGLS+0x0000000000003155...
CVE-2019-17244
IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEGLS+0x0000000000001d8a...
kernel: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
in linux kernel bluetooth L2CAP, l2capleflowctlinit can cause both div-by-zero and an integer overflow since hdev-lemtu may not fall in the valid range...
AIs as Trusted Third Parties
This is a truly fascinating paper: "Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography." The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit t...
DEBIAN-CVE-2023-52941
In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frame...
The vulnerability of the QUIC and HTTP/3 implementations in the C language package NGTCP2 lies in the improper implementation of control flow management, allowing a attacker to execute arbitrary code.
The vulnerability of the QUIC and HTTP/3 implementations in the C language package NGTCP2 is related to the implementation of incorrect flow control. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2015-1142857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe drive...
DEBIAN-CVE-2025-21695
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops via serdevdevicesetclientops. This ordering can trigger a NULL pointer dereference in...
SQL Injection Vulnerability in Aifei Flow Control Router of AllConvergence Network Technology (Beijing) Co.
AiFast Flow Control Router is a router product of Quanxun Convergence Network Technology Beijing Co. Ltd. AiFast Flow Control Router has a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
Information Leakage Vulnerability in AIFL Flow Control Router of AllConvergence Network Technology (Beijing) Co.
AiFast Flow Control Router is a router product of Quanxun Convergence Network Technology Beijing Co. Ltd. AiFast Flow Control Router has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...