CVE-2023-20112

A vulnerability in Cisco access point AP software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this...

CBL Mariner 2.0 Security Update: kernel (CVE-2022-47519)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-47519 advisory. - An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211P2PATTROPERCHANNEL...

Ubuntu 22.10 : Linux kernel (KVM) vulnerabilities (USN-5950-1)

The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5950-1 advisory. It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain...

Input validation

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2...

CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2...

Debian: Security Advisory (DLA-467-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : spice-protocol (ALAS-2023-1940)

The version of spice-protocol installed on the remote host is prior to 0.12.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1940 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

Amazon Linux 2 : libgovirt (ALAS-2023-1939)

The version of libgovirt installed on the remote host is prior to 0.3.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1939 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

K17957133: Linux kernel vulnerability CVE-2019-3701

Security Advisory Description An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. Because of a missing check, the CAN drivers may write arbitrary...

K46011592: HTTP/2 Empty Frames Flood vulnerability CVE-2019-9518

Security Advisory Description Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or...

K39604784: BIG-IP system incorrectly forwards VLAN-tagged frames with STP at Pass Through mode

Security Advisory Description The BIG-IP system incorrectly forwards VLAN-tagged frames, even if the VLAN is not defined on the ingress interface, when Spanning Tree Protocol STP is set to Pass Through mode. Note : The following BIG-IP platforms are not affected: BIG-IP 2000s/2200s BIG-IP...

OESA-2023-1084 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intelgvtdmamapguestpage function. This issue could allow a local user to...

SUSE CVE-2005-0527

Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."...

SUSE CVE-2005-2266

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords...

SUSE CVE-2007-1115

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated using the UTF-7 character set...

SUSE CVE-2007-1357

The atalksumskb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service crash via an AppleTalk frame that is shorter than the specified length, which triggers a BUGON call when an attempt is made to perform a checksum...

SUSE CVE-2007-2829

The 802.11 network stack in net80211/ieee80211input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service system hang via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference...

SUSE CVE-2007-3763

The IAX2 channel driver chaniax2 in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service crash via a crafted 1 LAGRQ or 2 LAGRP...

SUSE CVE-2008-0419

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service crash via images in a page that uses designMode frames, which triggers memory corruption related to resize handles...

SUSE CVE-2008-2716

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks...