664 matches found
CVE-2019-9518 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends ti...
PT-2019-2979 · Alt Linux +7
Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations (affected versions not specified). Description: The issue is related to a flood of empty frames in HTTP/2 implementations, which can lead to a denial of service. An attacker sends a stream of frames with an empty payload a...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. This occurs in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted CONTINUATION frames in an HTTP/2 request with headers larger than the server's...
openSUSE Security Update : dovecot22 (openSUSE-2019-1220)
This update for dovecot22 fixes the following issues : Security issues fixed : - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication...
SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2019:0900-1)
This update for dovecot22 fixes the following issues : Security issues fixed : CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication...
SUSE-SU-2019:0900-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication...
The vulnerability of the console utility for downloading files with wget arises from insufficient input validation, allowing an attacker to compromise data integrity.
The vulnerability of the console utility for downloading files with wget relates to the lack of processing of the "\r\n" sequence in line continuation strings during the grammatical analysis of HTTP headers containing Set-Cookies. Exploiting this vulnerability allows a remote attacker to insert...
Foxit Reader Information Disclosure Vulnerability (CNVD-2018-11833)
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. An information disclosure vulnerability exists in the parsing of the Texture Continuation object in Foxit Reader version 9.0.0.29935, which occurs when the program fails to properly validate user-supplied data. The...
Foxit Reader Information Disclosure Vulnerability (CNVD-2018-10556)
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. An out-of-bounds reading vulnerability exists in the parsing of the U3D Clod Progressive Mesh Continuation framework in Foxit Reader version 9.0.0.29935, where the program fails to properly validate user-submitted...
CVE-2018-9979
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2018-10492
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2018-9979
Foxit Reader 9.0.0.29935 is affected by a vulnerability in parsing Texture Continuation objects in U3D files that can disclose sensitive information. The root cause is improper validation of user-supplied data, leading to a read past the end of an allocated object. Exploitation requires user inte...
ALPINE-CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line...
CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line...
UBUNTU-CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line...
Android Bluetooth - Blueborne Information Leak (2) Exploit
Exploit for Android platform in category remote exploits from pwn import import bluetooth if not 'TARGET' in args: log.info"Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX" exit target = args'TARGET' servicelong = 0x0100 serviceshort = 0x0001 mtu = 50 n = 30 def packetservice, continuationstate:...