3841 matches found

Positive Technologies
added 2022/02/09 12:0 a.m. · 3 views

PT-2022-16786 · Apple · Swift-Nio-Http2

Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.1
Description: A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack is caused by a logical error after...

CVSS 7.5 · AI score 7.4 · EPSS 0.00432
Exploits 0 · References 9
Tenable Nessus
added 2022/02/09 12:0 a.m. · 47 views

AlmaLinux 8 : kernel (ALSA-2021:4356)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4356 advisory. - Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to...

CVSS 8.8 · AI score 7.8 · EPSS 0.04499
Exploits 15 · References 46
CVE
added 2022/02/09 12:0 a.m. · 118 views

CVE-2022-22807

The CVE-2022-22807 entry applies to EcoStruxure EV Charging Expert (pre-SP8 V4.0.0.13). Root cause: CWE-1021 Improper Restriction of Rendered UI Layers or Frames, enabling an attacker to influence the product by deceiving users to interact with an iframe-rendered web interface. Impact: potential ...

CVSS 7.4 · AI score 7.3 · EPSS 0.00206
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2022/02/09 12:0 a.m. · 31 views

AlmaLinux 8 : libvncserver (ALSA-2020:3385)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:3385 advisory. - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...

CVSS 9.8 · AI score 8.7 · EPSS 0.06869
Exploits 0 · References 2
Tenable Nessus
added 2022/02/07 12:0 a.m. · 21 views

Schneider Electric Modicon Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2019-6819)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...

CVSS 7.5 · AI score 7.3 · EPSS 0.00468
Exploits 0 · References 3
OSV
added 2022/02/04 4:38 p.m. · 2 views

USN-5258-1 weechat vulnerabilities

Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...

CVSS 9.8 · AI score 7.2 · EPSS 0.09662
Exploits 1 · References 6
Mageia
added 2022/02/02 9:29 p.m. · 58 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...

CVSS 9.6 · AI score 8.5 · EPSS 0.11727
Exploits 21 · References 3
NVD
added 2022/02/01 1:15 p.m. · 13 views

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 7.4 · EPSS 0.133
Exploits 1 · References 2
Prion
added 2022/02/01 1:15 p.m. · 12 views

Design/Logic Flaw

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 4.3 · AI score 5.7 · EPSS 0.133
Exploits 1 · References 2 · Affected Software 1
Debian CVE
added 2022/02/01 12:13 p.m. · 22 views

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 7.4 · AI score 6.2 · EPSS 0.133
Exploits 1
CNNVD
added 2022/02/01 12:0 a.m. · 4 views

h2o security vulnerability

h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2o, which stems from the fact that when QUIC frames are received in a particular order, h2o's HTTP/3...

CVSS 7.4 · AI score 6 · EPSS 0.133
Exploits 1 · References 3
Cvelist
added 2022/01/28 7:9 p.m. · 16 views

CVE-2021-22819

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

AI score 5 · EPSS 0.00206
Exploits 0 · References 1
CVE
added 2022/01/28 7:9 p.m. · 52 views

CVE-2021-22819

The CVE-2021-22819 entry describes a CWE-1021 vulnerability in Schneider Electric EVlink products where UI rendered in iframes can lead to unintended modification of product settings or user accounts when a user is deceived into interacting with the embedded interface. Affected are EVlink City (E...

CVSS 4.3 · AI score 4.6 · EPSS 0.00206
Exploits 0 · References 1 · Affected Software 1
Amazon
added 2022/01/28 12:0 a.m. · 4 views

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to...

CVSS 9.8 · AI score 7.2 · EPSS 0.0346
Exploits 24
Kaspersky
added 2022/01/26 12:0 a.m. · 39 views

KLA12435 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...

CVSS 9.6 · AI score 9.5 · EPSS 0.05673
Exploits 0 · References 4
Veracode
added 2022/01/23 11:2 p.m. · 17 views

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to the inappropriate implementation in fenced frames, allowing an attacker to cause an application crash...

CVSS 6.5 · AI score 3.5 · EPSS 0.00122
Exploits 0 · References 3 · Affected Software 2
Tenable Nessus
added 2022/01/21 12:0 a.m. · 24 views

Cisco IOS XR Software for ASR 9000 Series Routers DoS (cisco-sa-npspin-QYpwdhFD)

According to its self-reported version, Cisco IOS XR is affected by a denial of service vulnerability due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An unauthenticated, adjacent attacker can exploit these by sending...

CVSS 7.4 · AI score 7.4 · EPSS 0.00101
Exploits 0 · References 4
Microsoft CVE
added 2022/01/20 8:0 a.m. · 18 views

Chromium: CVE-2022-0292 Inappropriate implementation in Fenced Frames

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.5 · AI score 7.5 · EPSS 0.00122
Exploits 0
Microsoft CVE
added 2022/01/19 8:0 a.m. · 2 views

In TagLib 1.11.1 the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

...

CVSS 8.8 · AI score 7 · EPSS 0.00362
Exploits 0
Tenable Nessus
added 2022/01/19 12:0 a.m. · 72 views

Google Chrome < 97.0.4692.99 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.99. It is, therefore, affected by multiple vulnerabilities as referenced in the 202201stable-channel-update-for-desktop19 advisory. - Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99...

CVSS 9.6 · AI score 8 · EPSS 0.05673
Exploits 0 · References 43