Design/Logic Flaw

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less tha...

CVE-2020-12494 Beckhoff: Etherleak in TwinCAT RT network driver

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less tha...

CVE-2020-12494

Beckhoff TwinCAT RT network driver for Intel 8254x/8255x EtherCAT functionality contains a padding issue: non-realtime frames are not padded to the minimum Ethernet frame size, causing arbitrary memory content to be transmitted in the padding bytes. This can lead to memory disclosure, with the mo...

GHSA-QCXH-W3J9-58QR Apache Tomcat Denial of Service vulnerability

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Security update for nodejs8 (critical)

openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2020:0802-1 Rating: critical References: 1166916 1172442 1172443 Cross-References: CVE-2020-11080 CVE-2020-7598 CVE-2020-8174 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now...

kernel: brcmfmac frame validation bypass

If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...

MGASA-2020-0244 Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant and hostpad packages fix security vulnerability: A vulnerability was discovered in wpasupplicant. When Access Point AP mode and Protected Management Frames PMF IEEE 802.11w are enabled, wpasupplicant does not perform enough validation on the source address of some received...

tomcat: Apache Tomcat HTTP/2 DoS

A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack...

Cisco Catalyst 9800 Series Wireless Controllers IOS XE Input Validation Error Vulnerability (CNVD-2020-31958)

Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. An input validation error vulnerability exists in the IEEE 802.11w Protected Management Frames handling of IOS XE Software in Cisco Catalyst 9800 Series Wireless Controllers. An...

DEBIAN-CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

UBUNTU-CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

CVE-2020-3206

A vulnerability in the handling of IEEE 802.11w Protected Management Frames PMFs of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerabilit...

Input validation

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

The vulnerability of the GAS frame processing function in the 802.11 protocol of Cisco Wireless LAN Controllers allows a attacker to induce a service failure.

The vulnerability of the Generic Advertising Service GAS frame processing function in Cisco Wireless LAN Controllers based on the 802.11 protocol is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure ...