jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

RHEL 9 : Red Hat Product OCP Tools 4.17 OpenShift Jenkins (RHSA-2025:16456)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16456 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

SUSE CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-54500 HTTP/2 Vulnerability

An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit HTTP/2 MadeYouReset Attack. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2025-33005

Name of the Vulnerable Software and Affected Versions: Affected versions not specified Description: An implementation flaw in HTTP/2 can lead to a denial-of-service DoS condition. This occurs through the use of malformed HTTP/2 control frames, which disrupt the maximum concurrent streams limit,...

WPAxFuzz - A Full-Featured Open-Source Wi-Fi Fuzzer

This tool is capable of fuzzing either any management, control or data frame of the 802.11 protocol or the SAE exchange. For the management, control or data frames, you can choose either the "standard" mode where all of the frames transmitted have valid size values or the "random" mode where the...

SUSE CVE-2015-1142857

On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before...

Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)

!/usr/bin/perl -w udp IAX protocol fuzzer Created: Blake Cornell Exploits found with this code can be found at http://www.securityscraper.com/ Released under the VoIPER project Do not hesitate to show enthusiasm and support and help develop this further. use strict; use IO::Socket; use...

FreeBSD IEEE 802.11 wireless network buffer overflow

Buffer overflow on parsing IEEE 802.11 control frames...