7525 matches found

SUSE CVE
added 2023/11/02 2:44 a.m. | 3 views

SUSE CVE-2023-39017

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...

9.8 CVSS | 8.8 AI score | 0.01017 EPSS
Exploits: 1 | References: 3

OSV
added 2023/11/01 7:18 a.m. | 51 views

BIT-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 7.1 AI score | 0.03796 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

BDU FSTEC
added 2023/11/01 12:0 a.m. | 3 views

The vulnerability of the Arena Simulation software in modeling and automating discrete events lies in its ability to overflow a buffer based on a queue. This allows a hacker to execute arbitrary code.

The vulnerability of the Arena Simulation software for modeling and automating discrete events is related to the possibility of buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS | 7.9 AI score | 0.009 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/10/29 4:15 a.m. | 1 view

DEBIAN-CVE-2023-46862

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur...

4.7 CVSS | 6 AI score | 0.00229 EPSS
Exploits: 0 | References: 1

CNNVD
added 2023/10/25 12:0 a.m. | 2 views

Bosch ctrlX HMI Web Panel Trust Management Issue Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. The ctrlX HMI Web Panel WR21 version suffers from a security vulnerability that originates from a security flaw in the Android Agent application, which allows an attacker to take control of the network of a malicious MQTT agent...

8.8 CVSS | 7.3 AI score | 0.00428 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2023/10/23 12:0 a.m. | 16 views

Juniper Junos OS Vulnerability (JSA73145)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...

7.5 CVSS | 7.4 AI score | 0.00531 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2023/10/17 12:0 a.m. | 1 view

The vulnerability of Windows operating systems’ message queues allows a perpetrator to execute arbitrary code.

The vulnerability of Windows operating systems’ message queues is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.3 CVSS | 7.6 AI score | 0.00967 EPSS
Exploits: 0 | References: 3

NVD
added 2023/10/13 12:15 a.m. | 16 views

CVE-2023-44181

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

7.5 CVSS | 7.5 AI score | 0.00531 EPSS
Exploits: 0 | References: 2

Prion
added 2023/10/13 12:15 a.m. | 16 views

Design/Logic Flaw

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

5 CVSS | 7.5 AI score | 0.00531 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/10/12 11:1 p.m. | 12 views

CVE-2023-44181 Junos OS: QFX5k: l2 loop in the overlay impacts the stability in a EVPN/VXLAN environment

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

7.5 CVSS | 6.9 AI score | 0.00531 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/10/12 12:0 a.m. | 3 views

Juniper Networks Junos OS and Junos OS QFX Security Vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS QFX are products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system that is specialized for use with the company's hardware devices. The operating system provides a secure programming interface and the Junos...

7.5 CVSS | 6.8 AI score | 0.00531 EPSS
Exploits: 0 | References: 5

OSV
added 2023/10/11 10:15 p.m. | 9 views

AZL-34747 CVE-2023-39325 affecting package golang for versions less than 1.20.7-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 5 views

AZL-31691 CVE-2023-39325 affecting package coredns for versions less than 1.9.3-9

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 6 views

AZL-31310 CVE-2023-39325 affecting package golang for versions less than 1.20.7-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

NVD
added 2023/10/11 10:15 p.m. | 12 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 7.7 AI score | 0.03796 EPSS
Exploits: 0 | References: 43

OSV
added 2023/10/11 10:15 p.m. | 8 views

AZL-35514 CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl2-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 2 views

AZL-34730 CVE-2023-39325 affecting package git-lfs for versions less than 3.6.1-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 4 views

AZL-31645 CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 6 views

AZL-31692 CVE-2023-39325 affecting package etcd for versions less than 3.5.6-11

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 3 views

AZL-31647 CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1