Authorization Bypass

github.com/moby/moby is vulnerable to Authorization Bypass. Encrypted overlay networks accept cleartext VXLAN datagrams tagged with the VNI of the network, which allows remote attackers to arbitrary inject ethernet frames into the encrypted overlay network...

GHSA-F8VR-R385-RH5R h2 vulnerable to denial of service

Hyper is an HTTP library for Rust and h2 is an HTTP 2.0 client & server implementation for Rust. An issue was discovered in h2 v0.2.4 when processing header frames. It incorrectly processes the HTTP2 RSTSTREAM frames by not always releasing the memory immediately upon receiving the reset frame,...

AZL-34823 CVE-2023-26964 affecting package kata-containers for versions less than 3.2.0.azl0-2

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

AZL-61174 CVE-2023-26964 affecting package rust for versions less than h2-0.3.26

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

AZL-35217 CVE-2023-26964 affecting package rpm-ostree for versions less than 2024.4-1

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

UBUNTU-CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

NewStart CGSL CORE 5.05 / MAIN 5.05 : virt-viewer Vulnerability (NS-SA-2023-0027)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has virt-viewer packages installed that are affected by a vulnerability: - Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause...

PT-2023-3149 · Hyper +2 · Hyper +2

Name of the Vulnerable Software and Affected Versions: hyper version 0.13.7 h2 version 0.2.4 Description: An issue in the H2 component of hyper occurs when processing HTTP2 RST STREAM frames, leading to stream stacking and high memory and CPU usage, which can result in a Denial of Service DoS. Th...

Siemens SCALANCE Improper Input Validation (CVE-2020-26144)

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 i.e., LLC/SNAP header for EAPOL. An adversary can abuse this to inject arbitrary network packets...

Siemens SCALANCE Improper Input Validation (CVE-2020-26146)

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non- consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented...

CVE-2023-26964

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RSTSTREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service DoS...

Siemens SCALANCE W1700 Improper Input Validation (CVE-2022-28328)

A vulnerability has been identified in SCALANCE W1788-1 M12 All versions V3.0.0, SCALANCE W1788-2 EEC M12 All versions V3.0.0, SCALANCE W1788-2 M12 All versions V3.0.0, SCALANCE W1788-2IA M12 All versions V3.0.0. Affected devices do not properly handle malformed Multicast LLC frames. This could...

SilentMoonwalk - PoC Implementation Of A Fully Dynamic Call Stack Spoofer

PoC Implementation of a fully dynamic call stack spoofer TL;DR SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from control flow. Authors This PoC is the...

The vulnerability of the Frames component in Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the Frames component in Google Chrome browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...

Denial Of Service (DoS)

docker is vulnerable to Denial of Service DoS attacks. The injection of arbitrary ethernet frames allow remote attackers to enable denial of service attacks, such as establishing a UDP or TCP connection or smuggling packets into the overlay network...

Chromium: CVE-2023-1811 Use after free in Frames

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2023-28840

A vulnerability was found in Moby due to an unprotected alternate channel within encrypted overlay networks. This issue could allow a malicious user to cause a denial of service by sending a specially crafted request to inject arbitrary Ethernet frames into the encrypted overlay network...

SUSE CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Siemens SCALANCE and RUGGEDCOM Devices Stack-Based Buffer Overflow (CVE-2021-25667)

A vulnerability has been identified in RUGGEDCOM RM1224 All versions = V4.3 and = V4.3 and = V4.3 and = V2.0 and V2.1.3, SCALANCE XB-200 All versions V4.1, SCALANCE XC-200 All versions V4.1, SCALANCE XF-200BA All versions V4.1, SCALANCE XM400 All versions V6.2, SCALANCE XP-200 All versions V4.1,...

DEBIAN-CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...