
3887 matches found

Amazon
added 2019/01/23 12:0 a.m. | 59 views

Medium: httpd

Issue Overview: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

CVSS 5.9 | AI score 6.5 | EPSS 0.51002
Exploits 0

Snyk
added 2019/01/15 12:29 a.m. | 2 views

Buffer Overflow

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Buffer Overflow. An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem...

CVSS 6.5 | AI score 6.2 | EPSS 0.01748
Exploits 1 | References 2

OSV
added 2019/01/09 7:29 p.m. | 1 views

CVE-2017-15402

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the pagestate of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially...

CVSS 9.6 | AI score 5.8 | EPSS 0.00639
Exploits 0 | References 2

CNVD
added 2019/01/03 12:0 a.m. | 3 views

Facebook HHVM Denial of Service Vulnerability (CNVD-2019-37157)

Facebook HHVM (aka HipHop Virtual Machine) is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in Facebook HHVM versions 3.25.2 and earlier, 3.24.6 and earlier, and 3.21.10 and earlier, which stems from...

CVSS 7.5 | AI score 6.7 | EPSS 0.01469
Exploits 0 | References 1

OSV
added 2018/12/11 4:29 p.m. | 3 views

DEBIAN-CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

CVSS 6.5 | AI score 7.1 | EPSS 0.0255
Exploits 0 | References 1

UbuntuCve
added 2018/12/11 4:29 p.m. | 22 views

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

CVSS 6.5 | AI score 6.8 | EPSS 0.0255
Exploits 0 | References 1

OSV
added 2018/12/11 4:29 p.m. | 0 views

UBUNTU-CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

CVSS 6.5 | AI score 7.2 | EPSS 0.0255
Exploits 0 | References 2

Cvelist
added 2018/12/11 3:0 p.m. | 17 views

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

AI score 6.5 | EPSS 0.0255
Exploits 0 | References 6

Debian CVE
added 2018/12/11 3:0 p.m. | 36 views

CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...

CVSS 6.5 | AI score 6.9 | EPSS 0.0255
Exploits 0

Prion
added 2018/12/09 7:29 p.m. | 19 views

Code injection

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending...

CVSS 6.1 | AI score 6.5 | EPSS 0.00463
Exploits 0 | References 1

Cvelist
added 2018/12/09 7:0 p.m. | 22 views

CVE-2018-19983

An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending...

AI score 6.5 | EPSS 0.00463
Exploits 0 | References 1

BDU FSTEC
added 2018/11/23 12:0 a.m. | 4 views

A vulnerability in the Extensible Authentication Protocol over LAN (EAPOL) implementation in the router firmware of Cisco Small Business 100 Series and Cisco Small Business 300 Series allows an attacker to cause a denial of service.

The vulnerability in the Extensible Authentication Protocol over LAN (EAPOL) implementation in the router firmware of Cisco Small Business 100 Series and Cisco Small Business 300 Series models is related to errors in processing EAPOL frames. Exploiting this vulnerability allo...

CVSS 7.1 | AI score 5.5 | EPSS 0.0063
Exploits 0 | References 3 | Affected Software 8

Amazon
added 2018/11/07 12:0 a.m. | 37 views

Medium: mod_http2

Issue Overview: In Apache HTTP Server, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2...

CVSS 5.9 | AI score 6.5 | EPSS 0.51002
Exploits 0

Tenable Nessus
added 2018/11/05 12:0 a.m. | 49 views

Apache Tomcat 8.5.x < 8.5.13 Multiple Vulnerabilities

According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.13. It is therefore affected by multiple vulnerabilities:
- A flaw exists in the handling of pipelined requests when send file processing is used that results in the pipeline...

CVSS 9.8 | AI score 9.2 | EPSS 0.1684
Exploits 0 | References 4

Veracode
added 2018/11/02 8:8 a.m. | 17 views

Denial Of Service (DoS) Through Null Pointer Dereference

onos-core-net is vulnerable to a denial of service (DoS) attack. The library does not properly process Ethernet frames, allowing a malicious user to pass an ethertype Jumbo Frame twice to the application to cause an exception, crashing it...

CVSS 7.5 | AI score 7.2 | EPSS 0.03687
Exploits 0 | References 5 | Affected Software 1

Cisco
added 2018/11/01 3:0 p.m. | 615 views

Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability

On November 1st, 2018, Armis announced the presence of a Remote Code Execution (RCE) or Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID of...

CVSS 8.8 | AI score 2.1 | EPSS 0.02981
Exploits 0 | References 1

OSV
added 2018/10/19 4:41 p.m. | 4 views

GHSA-4R7G-7CPJ-5JR7 Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

CVSS 7.5 | AI score 5.9 | EPSS 0.04389
Exploits 0 | References 7

OSV
added 2018/10/18 9:29 p.m. | 1 views

DEBIAN-CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type,...

CVSS 5.5 | AI score 6.8 | EPSS 0.01893
Exploits 1 | References 1

Cvelist
added 2018/10/18 8:0 p.m. | 22 views

CVE-2018-18484

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type,...

AI score 6.2 | EPSS 0.01893
Exploits 1 | References 6

OSV
added 2018/10/17 7:29 p.m. | 3 views

CVE-2018-0395

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input...

CVSS 5.3 | AI score 5.8 | EPSS 0.00857
Exploits 0 | References 3