
3832 matches found

Cvelist
added 2019/04/18 1:15 a.m. | 14 views

CVE-2019-1826 Cisco Aironet Series Access Points Quality of Service Denial of Service Vulnerability

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames...

CVSS 6.8 | AI score 6.5 | EPSS 0.00132
Exploits 0 | References 2

Cisco
added 2019/04/17 4:0 p.m. | 47 views

Cisco Aironet Series Access Points Quality of Service Denial of Service Vulnerability

A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames...

CVSS 6.8 | AI score 2.5 | EPSS 0.00132
Exploits 0 | References 1

UbuntuCve
added 2019/04/12 12:0 a.m. | 38 views

CVE-2019-9503

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. I...

CVSS 8.3 | AI score 6.8 | EPSS 0.00373
Exploits 0 | References 9

OSV
added 2019/04/10 3:29 p.m. | 1 views

DEBIAN-CVE-2019-0199

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

CVSS 7.5 | AI score 7.7 | EPSS 0.65581
Exploits 0 | References 1

OSV
added 2019/04/10 3:29 p.m. | 1 views

UBUNTU-CVE-2019-0199

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

CVSS 7.5 | AI score 7.1 | EPSS 0.65581
Exploits 0 | References 2

RedhatCVE
added 2019/04/04 6:20 a.m. | 31 views

CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

CVSS 7.5 | AI score 3 | EPSS 0.0354
Exploits 0 | References 3

BDU FSTEC
added 2019/04/04 12:0 a.m. | 3 views

The vulnerability of Google Chrome browser, related to insufficient validation of input data, allows a hacker to circumvent the Cookie SameSite policy.

The vulnerability of Google Chrome lies in the lack of proper validation of cookie-related frames during the sending of cookies. Exploiting this vulnerability allows a remote attacker to circumvent the Cookie SameSite policy by using a specially created HTML page...

CVSS 6.5 | AI score 7.1 | EPSS 0.0072
Exploits 0 | References 3 | Affected Software 2

Github Security Blog
added 2019/03/28 6:33 p.m. | 34 views

Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

CVSS 7.5 | AI score 2.6 | EPSS 0.0354
Exploits 0 | References 11 | Affected Software 1

Veracode
added 2019/03/28 2:9 a.m. | 31 views

Denial Of Service (DoS)

mqtt-client is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the readUTF function in MessageSupport does not properly check if a MQTT frame is malformed, causing a denial of service condition when unmarshalled...

CVSS 7.5 | AI score 7.1 | EPSS 0.08918
Exploits 0 | References 30 | Affected Software 3

NVD
added 2019/03/27 8:29 p.m. | 25 views

CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

CVSS 7.5 | AI score 7.5 | EPSS 0.0354
Exploits 0 | References 9

Prion
added 2019/03/27 8:29 p.m. | 11 views

Design/Logic Flaw

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

CVSS 5 | AI score 7.4 | EPSS 0.0354
Exploits 0 | References 9 | Affected Software 2

OSV
added 2019/03/27 8:29 p.m. | 0 views

UBUNTU-CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

CVSS 7.5 | AI score 6.7 | EPSS 0.0354
Exploits 0 | References 3

UbuntuCve
added 2019/03/27 8:29 p.m. | 30 views

CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

CVSS 7.5 | AI score 6.8 | EPSS 0.0354
Exploits 0 | References 2

Metasploit
added 2019/03/20 12:17 p.m. | 34 views

CAN Flood

This module floods a CAN interface with supplied frames. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework...

AI score 0.1
Exploits 0

RedHat Linux
added 2019/03/14 7:58 a.m. | 4 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

CVSS 7.5 | AI score 6.7 | EPSS 0.00143
Exploits 0 | References 4

OSV
added 2019/03/11 9:29 p.m. | 2 views

CVE-2019-1617

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when...

CVSS 7.4 | AI score 7.1 | EPSS 0.00317
Exploits 1 | References 2

OSV
added 2019/03/06 10:29 p.m. | 1 views

CVE-2019-1594

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL)...

CVSS 7.4 | AI score 7.1 | EPSS 0.0072
Exploits 0 | References 2

Mageia
added 2019/02/22 1:8 a.m. | 38 views

Updated spice-gtk packages fix security vulnerability

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

CVSS 10 | AI score 3.8 | EPSS 0.01485
Exploits 0 | References 6

Mageia
added 2019/02/22 12:35 a.m. | 38 views

Updated spice packages fix security vulnerability

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 A vulnerability was discovered in SPICE before versio...

CVSS 8.8 | AI score 3.6 | EPSS 0.01046
Exploits 0 | References 8

RedHat Linux
added 2019/02/18 4:58 p.m. | 4 views

nghttp2: Null pointer dereference when too large ALTSVC frame is received

nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...

CVSS 7.5 | AI score 7.1 | EPSS 0.03388
Exploits 0 | References 4