
3904 matches found

OSV
added 2023/07/06 8:40 p.m. · 6 views

USN-6208-1 golang-websocket vulnerability

It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.02342
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/20 12:0 a.m. · 3 views

PT-2023-4034 · Siemens · Simatic Mv540 S +2

Name of the Vulnerable Software and Affected Versions: SIMATIC MV540 H versions prior to V3.3.4; SIMATIC MV540 S versions prior to V3.3.4; SIMATIC MV550 H versions prior to V3.3.4; SIMATIC MV550 S versions prior to V3.3.4; SIMATIC MV560 U versions prior to V3.3.4; SIMATIC MV560 X versions prior to...

CVSS 7.8 · AI score 7.4 · EPSS 0.00653
Exploits: 0 · References: 6

Github Security Blog
added 2023/06/09 7:33 p.m. · 29 views

Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

CVSS 7.5 · AI score 6.6 · EPSS 0.01131
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/06/09 7:33 p.m. · 26 views

GHSA-R6WW-5963-7R95 Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

CVSS 7.5 · AI score 7.2 · EPSS 0.01131
Exploits: 0 · References: 4

GitLab Advisory Database
added 2023/06/09 12:0 a.m. · 12 views

Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

CVSS 7.8 · AI score 6.7 · EPSS 0.01248
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2023/06/08 7:34 p.m. · 7 views

MGASA-2023-0194 Updated libreoffice packages fix security vulnerability

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

CVSS 7.8 · AI score 5.8 · EPSS 0.02244
Exploits: 2 · References: 4

OSV
added 2023/06/07 3:15 a.m. · 1 view

UBUNTU-CVE-2023-0668

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark...

CVSS 6.5 · AI score 7.6 · EPSS 0.02275
Exploits: 1 · References: 4

CNNVD
added 2023/06/07 12:0 a.m. · 9 views

gatsby path traversal vulnerability

gatsby is a software application: a free open source framework based on React that helps developers build extremely fast websites and applications. A path traversal vulnerability exists in Gatsby versions prior to 4.25.7 and prior to 5.9.1, which stems from a local file inclusion vulnerability in...

CVSS 5.3 · AI score 5.6 · EPSS 0.0091
Exploits: 1 · References: 5

Prion
added 2023/06/06 8:15 a.m. · 17 views

Design/Logic Flaw

Transient DOS in WLAN Firmware while processing frames with missing header fields...

CVSS 5 · AI score 7.5 · EPSS 0.00383
Exploits: 0 · References: 1

CVE
added 2023/06/06 7:39 a.m. · 76 views

CVE-2023-21659

CVE-2023-21659 is a Qualcomm WLAN firmware issue described as a Transient DoS when processing frames with missing header fields. Connected sources label it as a Buffer Over-read in WLAN firmware affecting Qualcomm components; the exact affected firmware versions and a fix are not detailed in the ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00383
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/06/06 12:0 a.m. · 5 views

PT-2023-18321 · Unknown · Wlan Firmware

Name of the Vulnerable Software and Affected Versions: WLAN Firmware (affected versions not specified). Description: The issue is related to a transient Denial of Service (DoS) in the WLAN Firmware. It occurs while processing received beacon or probe response frames. Recommendations: At the moment,...

CVSS 7.5 · AI score 6.8 · EPSS 0.00383
Exploits: 0 · References: 4

CNNVD
added 2023/06/06 12:0 a.m. · 7 views

Qualcomm Chipsets buffer error vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service in the WLAN firmware when processing received beacons or probe response frames...

CVSS 7.5 · AI score 7.3 · EPSS 0.00383
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/06 12:0 a.m. · 7 views

PT-2023-18324 · Qualcomm · Snapdragon +120

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A transient Denial of Service (DoS) can occur while parsing WLAN beacon or probe-response frames. Recommendations: At the moment, there is no information about a newer version that...

CVSS 7.5 · AI score 7 · EPSS 0.00383
Exploits: 0 · References: 2

CNNVD
added 2023/06/06 12:0 a.m. · 6 views

Qualcomm Chipsets buffer error vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service when parsing WLAN beacon or probe response frames...

CVSS 7.5 · AI score 7.3 · EPSS 0.00383
Exploits: 0 · References: 2

CNNVD
added 2023/06/06 12:0 a.m. · 7 views

Qualcomm Chipsets buffer error vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from the disclosure of information in the WLAN HOST when sending DPP operation frames to a peer with an invalid source address...

CVSS 8.2 · AI score 7.3 · EPSS 0.00354
Exploits: 0 · References: 2

BDU FSTEC
added 2023/05/31 12:0 a.m. · 3 views

The vulnerability of the Floating Frames component in the LibreOffice office software package allows a hacker to perform a spoofing attack.

The vulnerability of the Floating Frames component in the LibreOffice office software package is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to carry out a spear-phishing attack using a specially created file...

CVSS 4.8 · AI score 6.4 · EPSS 0.02244
Exploits: 2 · References: 12 · Affected Software: 5

Prion
added 2023/05/30 5:15 p.m. · 27 views

Null pointer dereference

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...

CVSS 5 · AI score 7.4 · EPSS 0.00963
Exploits: 0 · References: 8 · Affected Software: 1

Prion
added 2023/05/30 5:15 p.m. · 27 views

Race condition

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

CVSS 2.6 · AI score 5.6 · EPSS 0.00707
Exploits: 0 · References: 8 · Affected Software: 1

Cvelist
added 2023/05/30 5:8 p.m. · 14 views

CVE-2023-33975 RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used...

CVSS 9.8 · AI score 9.6 · EPSS 0.0148
Exploits: 1 · References: 8

Vulnrichment
added 2023/05/30 5:8 p.m. · 13 views

CVE-2023-33975 RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used...

CVSS 9.8 · AI score 7.6 · EPSS 0.0148
Exploits: 1 · References: 8