
3841 matches found

CNNVD
added 2023/01/30 12:0 a.m. | 4 views

Schneider Electric Conext ComBox Security Vulnerability

The Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric France. A security vulnerability exists in the Schneider Electric Conext ComBox that stems from an improper restriction on its rendering UI layer or frames that could allow an attacker t...

CVSS 6.5 | AI score 6.5 | EPSS 0.00213
Exploits 0 | References 2

OSV
added 2023/01/26 9:18 p.m. | 2 views

CVE-2023-22971

Cross Site Scripting XSS vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate...

CVSS 6.1 | AI score 6.4 | EPSS 0.01265
Exploits 2 | References 2

NVD
added 2023/01/26 9:18 p.m. | 18 views

CVE-2023-22971

Cross Site Scripting XSS vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate...

CVSS 6.1 | AI score 6.1 | EPSS 0.01265
Exploits 2 | References 2

OSV
added 2023/01/26 9:18 p.m. | 1 views

DEBIAN-CVE-2023-0394

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...

CVSS 5.5 | AI score 6.1 | EPSS 0.00025
Exploits 0 | References 1

Cvelist
added 2023/01/26 12:0 a.m. | 18 views

CVE-2023-22971

Cross Site Scripting XSS vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate...

AI score 6.2 | EPSS 0.01265
Exploits 2 | References 2

Tenable Nessus
added 2023/01/23 12:0 a.m. | 29 views

RHEL 7 : rh-nodejs10-nodejs (RHSA-2020:3084)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3084 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.3 | AI score 7.7 | EPSS 0.01491
Exploits 3 | References 10

RedhatCVE
added 2023/01/19 4:4 a.m. | 47 views

CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulat...

CVSS 7.5 | AI score 0.7 | EPSS 0.00074
Exploits 1 | References 6

OSV
added 2023/01/14 12:30 a.m. | 34 views

GHSA-FXG5-WQ6X-VR4W golang.org/x/net/http2/h2c vulnerable to request smuggling attack

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

CVSS 7.5 | AI score 7.5 | EPSS 0.00074
Exploits 1 | References 7

GitLab Advisory Database
added 2023/01/14 12:0 a.m. | 39 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

CVSS 7.5 | AI score 0.7 | EPSS 0.00074
Exploits 1 | References 5 | Affected Software 1

OSV
added 2023/01/13 11:15 p.m. | 1 views

DEBIAN-CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

CVSS 7.5 | AI score 7.6 | EPSS 0.00074
Exploits 1 | References 1

OSV
added 2023/01/13 11:15 p.m. | 7 views

CVE-2022-41721

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

CVSS 7.5 | AI score 7.3
Exploits 0 | References 5

OSV
added 2023/01/13 10:39 p.m. | 81 views

GO-2023-1495 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

CVSS 7.5 | AI score 7.5 | EPSS 0.00074
Exploits 1 | References 2

Positive Technologies
added 2023/01/13 12:0 a.m. | 2 views

PT-2023-14021 · Google +1 · Golang.Org/X/Net/Http2/H2C +1

Name of the Vulnerable Software and Affected Versions: golang.org/x/net/http2/h2c affected versions not specified Description: A request smuggling attack is possible when using MaxBytesHandler. The body of an HTTP request is not fully consumed, and when the server attempts to read HTTP2 frames fr...

CVSS 7.5 | AI score 6.6 | EPSS 0.00074
Exploits 1 | References 16

Veracode
added 2023/01/11 12:43 a.m. | 26 views

Denial Of Service (DoS)

qt5-qtwebengine is vulnerable to denial of service. The vulnerability exists due to the use after free in the blink frames in the library which allows an attacker to crash the application through the heap corruption via a maliciously crafted HTML page...

CVSS 8.8 | AI score 8.5 | EPSS 0.00263
Exploits 0 | References 6 | Affected Software 2

Malwarebytes
added 2023/01/10 1:0 p.m. | 18 views

Polite WiFi loophole could allow attackers to drain device batteries

Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed "polite WiFi". Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi enabled device. Now,...

AI score 1.4
Exploits 0

NVD
added 2023/01/09 8:15 a.m. | 13 views

CVE-2022-33253

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames...

CVSS 7.5 | AI score 7.6 | EPSS 0.00143
Exploits 0 | References 1

NVD
added 2023/01/09 8:15 a.m. | 18 views

CVE-2022-33286

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames...

CVSS 7.5 | AI score 7.6 | EPSS 0.0026
Exploits 0 | References 1

Prion
added 2023/01/09 8:15 a.m. | 15 views

Code injection

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames...

CVSS 1.9 | AI score 5.6 | EPSS 0.00143
Exploits 0 | References 1

Vulnrichment
added 2023/01/06 5:2 a.m. | 10 views

CVE-2022-33286 Buffer over-read in WLAN

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames...

CVSS 7.5 | AI score 7.6 | EPSS 0.0026
Exploits 0 | References 1

Cvelist
added 2023/01/06 5:2 a.m. | 20 views

CVE-2022-33286 Buffer over-read in WLAN

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames...

CVSS 7.5 | AI score 7.8 | EPSS 0.0026
Exploits 0 | References 1