304 matches found
Cisco TelePresence CE and TC Software 'SIP' DoS Vulnerability (cisco-sa-20170607-tele)
Cisco TelePresence Endpoint is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
httpd: mod_http2 denial-of-service by thread starvation
A denial of service flaw was found in httpd's modhttp2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the drivers/media/platform/msm/camerav2/isp/msmispaxiutil.c component of Qualcomm’s Android operating system is related to the lack of flow control checks. Exploiting this vulnerability allows a remote attacker to enhance their privileges through a specially created applicati...
Apache HTTP Server 2.4.x < 2.4.23 Multiple Vulnerabilities
Binary data 9394.prm...
DEBIAN-CVE-2016-1546
The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control windows...
CVE-2016-1546
The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control windows...
CVE-2016-1546
The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control windows...
Generalized SQL Injection Vulnerability in Flow Control Routing of CoQin Technology
Since its inception over 15 years ago, Co-Tech has evolved from a manufacturer of high-end modems to a strong competitor in the broadband solutions space. A generalized SQL injection vulnerability exists in the flow control routing of Welkin Technologies. It allows attackers to utilize commonly...
百为流控路由设计不当 可任意添加管理员
POST /goform/webForm HTTP/1.0 Referer: ...:2011/advance/adminuser.htm?v=20130320 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Accept: / Accept-Language: zh-CN Proxy-Connection: Keep-Alive User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; Trident/7.0; rv:11.0 like...
Is it possible to optimize SSH or SFTP connections?
QUESTION: Is it possible to optimize SSH or SFTP connections? ANSWER: SSH and SFTP are encrypted traffic: SSH one-time encrypted data stream and SFTP goes over the SSH port CloudBridge can only optimize with flow-control-only but won't be able to compress it...
PT-2016-2318
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.17 through 2.4.18 Description The issue is related to resource management errors in the Apache HTTP Server. It allows a remote attacker to cause a denial of service by modifying flow-control windows, leading to ...
Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation
By manipulating the flow control windows on streams, a client was able to block server threads for long times, causing starvation of worker threads. Connections could still be opened, but no streams where processed for these. This issue affected HTTP/2 support in 2.4.17 and 2.4.18...
Potential Vulnerability with Intel® LAN Products with SR-IOV
Summary: A potential issue impacting Intel® LAN products with SR-IOV capability is expected to be publicly disclosed by security researchers at an industry conference on August 13, 2015. Description: In Intel® LAN products with SR-IOV capability, the potential exists where, under specific...
The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure
The vulnerability of the Cisco IOS operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending IEEE 802.3x control frames remotely...
Cisco ASR 9000 IOS XR Resource Management Error Vulnerability
Cisco IOS XR on ASR 9000 is a set of operating systems from Cisco that run in the 9000 series router devices. A security vulnerability exists in Cisco IOS XR version 5.3.1 for Cisco ASR 9000 devices. A remote attacker can exploit this vulnerability to cause a denial of service NPU chip reset or...
CVE-2015-4205
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service NPU chip reset or line-card reload by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959...
Design/Logic Flaw
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service NPU chip reset or line-card reload by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959...
CVE-2015-4205
Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service NPU chip reset or line-card reload by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959...
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability
A vulnerability in flow control processing of Cisco IOS XR Software for Cisco ASR 9000 Series Routers could allow an unauthenticated, adjacent attacker to cause a Network Processing Unit NPU chip reset and potentially a reload of the affected line card. The vulnerability is due to improper...
bash: off-by-one error in deeply nested flow control constructs
An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash...