
3887 matches found

RedhatCVE
added 2019/04/04 6:20 a.m. | 33 views

CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

7.5 CVSS | 3 AI score | 0.05082 EPSS
Exploits 0 | References 3

BDU FSTEC
added 2019/04/04 12:0 a.m. | 5 views

The vulnerability of Google Chrome browser, related to insufficient validation of input data, allows a hacker to circumvent the Cookie SameSite policy.

The vulnerability of Google Chrome lies in the lack of proper validation of cookie-related frames during the sending of cookies. Exploiting this vulnerability allows a remote attacker to circumvent the Cookie SameSite policy by using a specially created HTML page...

6.5 CVSS | 7.1 AI score | 0.0255 EPSS
Exploits 0 | References 3 | Affected Software 2

Github Security Blog
added 2019/03/28 6:33 p.m. | 36 views

Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

7.5 CVSS | 2.6 AI score | 0.05082 EPSS
Exploits 0 | References 11 | Affected Software 1

Veracode
added 2019/03/28 2:9 a.m. | 33 views

Denial Of Service (DoS)

mqtt-client is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the readUTF function in MessageSupport does not properly check if a MQTT frame is malformed, causing a denial of service condition when unmarshalled...

7.5 CVSS | 7.1 AI score | 0.12357 EPSS
Exploits 0 | References 30 | Affected Software 3

NVD
added 2019/03/27 8:29 p.m. | 27 views

CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

7.5 CVSS | 7.5 AI score | 0.05082 EPSS
Exploits 0 | References 9

Prion
added 2019/03/27 8:29 p.m. | 12 views

Design/Logic Flaw

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

5 CVSS | 7.4 AI score | 0.05082 EPSS
Exploits 0 | References 9 | Affected Software 2

UbuntuCve
added 2019/03/27 8:29 p.m. | 32 views

CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

7.5 CVSS | 6.8 AI score | 0.05082 EPSS
Exploits 0 | References 2

OSV
added 2019/03/27 8:29 p.m. | 2 views

UBUNTU-CVE-2018-12545

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...

7.5 CVSS | 6.7 AI score | 0.05082 EPSS
Exploits 0 | References 3

Metasploit
added 2019/03/20 12:17 p.m. | 35 views

CAN Flood

This module floods a CAN interface with supplied frames. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CAN Flood', 'Description' = 'This module floods a CAN interface with supplied frames.',...

0.1 AI score
Exploits 0

RedHat Linux
added 2019/03/14 7:58 a.m. | 5 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on too short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS | 6.7 AI score | 0.04459 EPSS
Exploits 0 | References 4

OSV
added 2019/03/11 9:29 p.m. | 2 views

CVE-2019-1617

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when...

7.4 CVSS | 7.1 AI score | 0.01473 EPSS
Exploits 1 | References 2

OSV
added 2019/03/06 10:29 p.m. | 1 views

CVE-2019-1594

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL)...

7.4 CVSS | 7.1 AI score | 0.00798 EPSS
Exploits 0 | References 2

Mageia
added 2019/02/22 1:8 a.m. | 40 views

Updated spice-gtk packages fix security vulnerability

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

10 CVSS | 3.8 AI score | 0.05544 EPSS
Exploits 0 | References 6

Mageia
added 2019/02/22 12:35 a.m. | 40 views

Updated spice packages fix security vulnerability

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslotgetvirt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. CVE-2019-3813 A vulnerability was discovered in SPICE before versio...

8.8 CVSS | 3.6 AI score | 0.03934 EPSS
Exploits 0 | References 8

RedHat Linux
added 2019/02/18 4:58 p.m. | 41 views

nghttp2: Null pointer dereference when too large ALTSVC frame is received

nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...

7.5 CVSS | 7.1 AI score | 0.10782 EPSS
Exploits 0 | References 4

RedHat Linux
added 2019/02/18 4:58 p.m. | 4 views

httpd: DoS for HTTP/2 connections by continuous SETTINGS frames

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

5.9 CVSS | 7.2 AI score | 0.51002 EPSS
Exploits 0 | References 4

RedHat Linux
added 2019/02/18 4:55 p.m. | 0 views

nghttp2: Null pointer dereference when too large ALTSVC frame is received

nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...

7.5 CVSS | 7.1 AI score | 0.10782 EPSS
Exploits 0 | References 4

RedHat Linux
added 2019/02/18 4:55 p.m. | 4 views

httpd: DoS for HTTP/2 connections by continuous SETTINGS frames

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

5.9 CVSS | 7.2 AI score | 0.51002 EPSS
Exploits 0 | References 4

Hacker One
added 2019/02/05 5:53 p.m. | 22 views

X (Formerly Twitter): Protected tweets exposure through the URL

Summary: Leaking sensitive information from protected tweets via a prepared website. This vulnerability could lead to exposure of information such as credit card numbers, bank account numbers, phone numbers, tokens, specific words or even the whole phrases but also the exposure of any additional...

6.4 AI score
Exploits 0

CERT
added 2019/02/05 12:0 a.m. | 281 views

Marvell Avastar wireless SoCs have multiple vulnerabilities

Overview: Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan. Description: A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs models 88W8787,...

8.8 CVSS | 9 AI score | 0.06617 EPSS
Exploits 1 | References 7