
3831 matches found

OSV
added 2018/10/19 4:41 p.m. | 1 views

GHSA-4R7G-7CPJ-5JR7 Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

CVSS 7.5 | AI score 5.9 | EPSS 0.02276
Exploits: 0 | References: 7

OSV
added 2018/10/18 9:29 p.m. | 1 views

DEBIAN-CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type,...

CVSS 5.5 | AI score 6.8 | EPSS 0.00177
Exploits: 1 | References: 1

Cvelist
added 2018/10/18 8:0 p.m. | 22 views

CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type,...

AI score 6.2 | EPSS 0.00177
Exploits: 1 | References: 6

OSV
added 2018/10/17 7:29 p.m. | 2 views

CVE-2018-0395

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input...

CVSS 5.3 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 3

OSV
added 2018/10/10 6:29 p.m. | 1 views

CVE-2018-0054

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface fxp0 can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also...

CVSS 6.5 | AI score 5.8 | EPSS 0.00186
Exploits: 0 | References: 2

NVD
added 2018/10/10 6:29 p.m. | 23 views

CVE-2018-0054

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface fxp0 can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also...

CVSS 6.5 | AI score 6.4 | EPSS 0.00186
Exploits: 0 | References: 2

ATTACKERKB
added 2018/10/10 6:29 p.m. | 1 views

QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface fxp0 can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also...

CVSS 6.5 | AI score 5.4 | EPSS 0.00186
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2018/10/10 6:0 p.m. | 60 views

CVE-2018-0054

CVE-2018-0054 affects Juniper Networks Junos OS on QFX5000 Series and EX4600 switches. A high rate of Ethernet pause frames or ARP storms on the management interface (fxp0) can cause egress congestion, leading to routing-protocol drops (e.g., BGP) and peering flaps. Affected releases include many...

CVSS 6.5 | AI score 6.4 | EPSS 0.00186
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/10/10 6:0 p.m. | 24 views

CVE-2018-0054 QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames

On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface fxp0 can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also...

CVSS 6.5 | AI score 6.4 | EPSS 0.00186
Exploits: 0 | References: 2

Cvelist
added 2018/10/05 2:0 p.m. | 26 views

CVE-2018-0480 Cisco IOS XE Software Errdisable Denial of Service Vulnerability

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an...

AI score 6.2 | EPSS 0.00169
Exploits: 0 | References: 3

BDU FSTEC
added 2018/10/05 12:0 a.m. | 1 views

The vulnerability of the Apache HTTP Server web server, related to insufficient validation of input data, allows attackers to cause service failures.

The vulnerability of the Apache HTTP Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause service interruptions by exhausting the number of simultaneous connections through continuous sending of Maximum Size SETTINGS type fram...

CVSS 5.3 | AI score 6.9 | EPSS 0.22356
Exploits: 0 | References: 19 | Affected Software: 8

OSV
added 2018/10/03 6:39 p.m. | 2 views

USN-3783-1 apache2 vulnerabilities

Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1302) Craig Young discovered that the Apache HTTP Server HTTP/2 module...

CVSS 7.5 | AI score 6.8 | EPSS 0.22356
Exploits: 0 | References: 4

Debian CVE
added 2018/09/25 9:0 p.m. | 43 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 6.3 | EPSS 0.22356
Exploits: 0

FreeBSD
added 2018/09/25 12:0 a.m. | 512 views

Apache -- Denial of service vulnerability in HTTP/2

The Apache httpd project reports: low: DoS for HTTP/2 connections by continuous SETTINGS By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has...

CVSS 5.9 | AI score 0.8 | EPSS 0.22356
Exploits: 0 | References: 1

Prion
added 2018/09/11 3:29 p.m. | 18 views

Integer overflow

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVSS 6.5 | AI score 9 | EPSS 0.00384
Exploits: 0 | References: 4

OSV
added 2018/09/11 3:29 p.m. | 2 views

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVSS 8.8 | AI score 9.1 | EPSS 0.00384
Exploits: 0 | References: 4

UbuntuCve
added 2018/09/11 3:29 p.m. | 24 views

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVSS 8.8 | AI score 7.5 | EPSS 0.00384
Exploits: 0 | References: 2

Cvelist
added 2018/09/11 3:0 p.m. | 20 views

CVE-2018-10893

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...

CVSS 7.6 | AI score 8.6 | EPSS 0.00384
Exploits: 0 | References: 4

CVE
added 2018/09/11 3:0 p.m. | 165 views

CVE-2018-10893

CVE-2018-10893 concerns spice-client’s handling of LZ compressed frames, with multiple integer/buffer overflow issues that could crash the client or allow arbitrary code execution. Public advisories reference fixes bundled in updated spice packages: Amazon Linux 2 ALAS-2023-2219 notes spice-proto...

CVSS 8.8 | AI score 8.5 | EPSS 0.00384
Exploits: 0 | References: 4 | Affected Software: 1

Kitploit
added 2018/09/02 1:21 p.m. | 113 views

GhostTunnel - A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment

GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel uses 802.11 Probe Request Frames and...

AI score 7.9
Exploits: 0 | References: 1