3830 matches found
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from the reception of service data frames with excessively long lengths during device matching via Neighbor Discovery protocol...
CVE-2026-34775
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...
SUSE CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
Allocation of Resources Without Limits or Throttling
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of a frame count limit in the loadbase64 function when processing video/jpeg...
Allocation of Resources Without Limits or Throttling
Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call process. An attacker can cause excessive resource consumption by sending oversized WebSocket frames before...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the voice-call process. An attacker can cause excessive resource consumption by sending oversized WebSocket frames before validati...
GHSA-2W79-R9G8-WMCR OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
Summary Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleas...
OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
Summary Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleas...
GHSA-XWR5-M59H-VWQR Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Impact The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...
CVE-2026-31935
A flaw was found in Suricata. A remote attacker can exploit this vulnerability by sending a flood of crafted HTTP2 continuation frames. This can lead to memory exhaustion, causing the Suricata process to shut down, resulting in a Denial of Service DoS. Mitigation To mitigate this issue, consider...
CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
DEBIAN-CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
UBUNTU-CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
CVE-2026-31935 Suricata http2: unbounded resource consumption
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
CVE-2026-31935
CVE-2026-31935 affects Suricata (IDS/IPS/NSM engine). The issue arises when flooding craft HTTP2 continuation frames leads to memory exhaustion, usually causing the Suricata process to be terminated by the OS. It is fixed in Suricata versions 7.0.15 and 8.0.4. Connected sources confirm the vulner...
CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
CVE-2026-31935
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
CVE-2026-31935 Suricata http2: unbounded resource consumption
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...
CVE-2026-21714
A flaw was found in Node.js. A remote attacker can exploit this vulnerability in Node.js HTTP/2 servers by sending specially crafted WINDOWUPDATE frames on stream 0 connection-level. These frames can cause the flow control window to exceed its maximum value, leading to a memory leak as Http2Sessi...