FreeBSD 802.11 Network Subsystem Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of 802.11 Wi-Fi beacon frames. The issue results from the lack of...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1735)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker...

The vulnerability of the WPA2 algorithm implementation in TP-Link Archer AX10 router software allows a hacker to disable the connected client from the network, due to security configuration errors.

The vulnerability of the WPA2 algorithm implemented in TP-Link Archer AX10 router software is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to remotely disable clients connected to the network by sending specially crafted authentication frames...

CVE-2022-1803

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2...

CVE-2022-1803

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2...

Input validation

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2...

CVE-2019-9512

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Moderate: lynx security update

Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. Security Fixes: lynx: Disclosure of HTTP authentication credentials via SNI data CVE-2021-38165 For more details about the security issues, including the impact, a CVS...

Adiscon Rsyslog 安全漏洞

Adiscon Rsyslog is a library for collecting syslogs from the German company Adiscon. A security vulnerability exists in Adiscon Rsyslog version 8.2204.0 and earlier versions, which stems from a heap buffer overflow in the module used to receive TCP syslogs when using octet-counted frames, which c...

GSD-2022-1001059 ath11k: Fix frames flush failure caused by deadlock

ath11k: Fix frames flush failure caused by deadlock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...

CVE-2022-28328

A vulnerability has been identified in SCALANCE W1788-1 M12 All versions V3.0.0, SCALANCE W1788-2 EEC M12 All versions V3.0.0, SCALANCE W1788-2 M12 All versions V3.0.0, SCALANCE W1788-2IA M12 All versions V3.0.0. Affected devices do not properly handle malformed Multicast LLC frames. This could...

CVE-2022-28328

A vulnerability has been identified in SCALANCE W1788-1 M12 All versions V3.0.0, SCALANCE W1788-2 EEC M12 All versions V3.0.0, SCALANCE W1788-2 M12 All versions V3.0.0, SCALANCE W1788-2IA M12 All versions V3.0.0. Affected devices do not properly handle malformed Multicast LLC frames. This could...

CVE-2022-28328

A vulnerability has been identified in SCALANCE W1788-1 M12 All versions V3.0.0, SCALANCE W1788-2 EEC M12 All versions V3.0.0, SCALANCE W1788-2 M12 All versions V3.0.0, SCALANCE W1788-2IA M12 All versions V3.0.0. Affected devices do not properly handle malformed Multicast LLC frames. This could...

Race condition

A vulnerability has been identified in SCALANCE W1788-1 M12 All versions V3.0.0, SCALANCE W1788-2 EEC M12 All versions V3.0.0, SCALANCE W1788-2 M12 All versions V3.0.0, SCALANCE W1788-2IA M12 All versions V3.0.0. Affected devices do not properly handle malformed Multicast LLC frames. This could...

Code injection

grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...

CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift

grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...

PT-2022-16872 · Unknown · Grpc Swift

Name of the Vulnerable Software and Affected Versions: grpc-swift versions prior to 1.7.2 Description: The issue is a denial of service attack via a reachable assertion, caused by incorrect logic when handling GOAWAY frames. This attack requires minimal resources to construct and send the require...

USN-5343-1: Linux kernel vulnerabilities

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 It was discovered that the aufs file system in the Linux...

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5343-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5343-1 advisory. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent...

UBUNTU-CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device...