Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when processing SETTINGS frames. If the value of SETTINGSMAXFRAMESIZE is set to 0, the...

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

CVE-2026-43093

A flaw was found in the Linux kernel's xsk AFXDP subsystem due to insufficient validation of the User Memory UMEM headroom. This vulnerability could lead to memory corruption, specifically the skbsharedinfo data structure, if multi-buffer is enabled. Such corruption could result in system...

EUVD-2026-27755

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

EUVD-2026-27635

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

CVE-2026-43194 net: consume xmit errors of GSO frames

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

CVE-2026-43194

CVE-2026-43194 affects the Linux kernel networking stack where an error in handling transmit (xmit) failures for GSO frames can cause a single lost segment within a GSO frame to be misinterpreted as a complete frame loss. The issue arises when devices (e.g., veth) report errors during xmit; TCP m...

CVE-2026-43113

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

CVE-2026-43113

In the Linux kernel, CVE-2026-43113 affects the wl1251 Wi‑Fi driver. The function wl1251_tx_packet_cb() uses the firmware completion ID (a raw u8) to index a fixed 16-entry wl->tx_frames[] array without validating that the ID fits. The callback can dereference out-of-range IDs. The fix rejects...

CVE-2026-43113

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

CVE-2026-43113 wifi: wl1251: validate packet IDs before indexing tx_frames

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 CVE-2026-23918: Apache HTTP/2 Double...

PT-2026-37423

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An out-of-bounds array access exists in the WiFi wl1251 driver. The wl1251 tx packet cb function uses a firmware completion ID, provided as a raw u8 from the completion block, to index t...

RHCOS 3 : OpenShift Container Platform 3.9 (RHSA-2019:2769)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2769 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...

PT-2026-37534

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel networking stack where the system incorrectly handles transmission xmit return codes for Generic Segmentation Offload GSO frames in environments witho...

Linux Distros Unpatched Vulnerability : CVE-2026-43113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes...

Allocation of Resources Without Limits or Throttling

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call realtime WebSocket path when oversized WebSocket frames are accepted without proper validation. An attacker ca...