io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

A client might overload the server by issue frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDOS attack. Impact This is a DDOS attack, any http2 server is affected and so you should update as soon as possible. Patches This is patched in version...

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...

CVE-2023-5103

The CVE-2023-5103 issue affects SICK APU’s RDT400, where improper restriction of rendered UI layers or frames can allow an unprivileged remote attacker to disclose sensitive information by tricking a user into clicking an actionable item in an iframe. Documents consistently identify the affected ...

Qualcomm Chip Resource Management Error Vulnerability

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and is often manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a resource management error vulnerability that...

GHSA-Q8WC-J5M9-27W3 Denial of Service issue in quinn-proto

Impact Receiving unknown QUIC frames in a QUIC packet could result in a panic. Patches The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases. References Fixed in https://github.com/quinn-rs/quinn/pull/1667, backported in https://github.com/quinn-rs/quinn/pull/1668 and...

DEBIAN-CVE-2023-42805

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

UBUNTU-CVE-2023-42805

quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...

RUSTSEC-2023-0063 Denial of service in Quinn servers

Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this is issue was not found by our fuzzing infrastructure. Thanks to the QUIC Tester research group for reporting this issue...

PT-2023-28591 · Unknown +1 · Quinn-Proto +1

Name of the Vulnerable Software and Affected Versions: quinn-proto versions prior to 0.9.5 quinn-proto versions prior to 0.10.5 Description: Receiving unknown QUIC frames in a QUIC packet could result in a panic. The issue was reported by the QUIC Tester research group and was not found by the...

HP LaserJet Printers Multiple Vulnerabilities (HPSBPI03574)

The remote HP LaserJet printer is potentially affected by the following vulnerabilities: - Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Pairwise Transient Key PTK Temporal Key TK during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoo...

CVE-2023-40039

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by observing a beacon frame...

FreeBSD : FreeBSD -- Wi-Fi encryption bypass (924cb116-4d35-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 924cb116-4d35-11ee-8e38-002590c1f29c advisory. - The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept...

Medium: spice-protocol

Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: spice-protocol Note: This advisory...

PT-2023-24138 · Qualcomm · Qualcomm Snapdragon Chipsets

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Chipsets affected versions not specified Description: The issue is related to a Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. There is no information provided about the estimated...

ROS-20230830-01

The vulnerability of the Floating Frames component of the LibreOffice office software package is related to flaws in access control. in access control. Exploiting the vulnerability could allow an attacker to perform a spoofing attack using a specially crafted file A vulnerability in the Spreadshe...

Amazon Linux 2 : spice-protocol (ALAS-2023-2219)

The version of spice-protocol installed on the remote host is prior to 0.12.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2219 advisory. Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A...

PT-2023-9339 · Exempi +7 · Exempi +7

Name of the Vulnerable Software and Affected Versions: exempi versions 2.5.0 and earlier Description: The issue is related to a Buffer Overflow vulnerability in the ID3 Support::ID3v2Frame::getFrameValue function. This vulnerability can be exploited by remote attackers to cause a denial of servic...

CVE-2023-29468

The Texas Instruments TI WiLink WL18xx MCP driver does not limit the number of information elements IEs of type XCCEXT1IEID or XCCEXT2IEID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code...

CVE-2023-28768

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80ABXN.1, XMG1930-30 firmware version V4.80ACAR.1, and XS1930-10 firmware version V4.80ABQE.1 could allow an unauthenticated LAN-based attacker to cause denial-of-service DoS conditions by sending crafted frames to an affected...

Input validation

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80ABXN.1, XMG1930-30 firmware version V4.80ACAR.1, and XS1930-10 firmware version V4.80ABQE.1 could allow an unauthenticated LAN-based attacker to cause denial-of-service DoS conditions by sending crafted frames to an affected...