Lucene search

29 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 3 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0alpha0 to 10.0.1, and 11.0.0alpha0 to 11.0.1, CPU usage can reach 100% when receiving a large invalid TLS frame...

7.8 CVSS · 6.9 AI score · 0.53861 EPSS
Exploits: 1 · References: 2

Github Security Blog
added 2026/03/13 8:41 p.m. · 9 views

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

Description: The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforci...

7.5 CVSS · 5.8 AI score · 0.0115 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2024/03/21 4:19 p.m. · 5 views

SUSE-SU-2024:0963-1 Security update for dav1d

This update for dav1d fixes the following issues: - CVE-2024-1580: Fixed tile_start_off calculations for extremely large frame sizes (bsc#1220100)...

8.8 CVSS · 8.7 AI score · 0.01835 EPSS
Exploits: 0 · References: 3

OSV
added 2023/12/05 6:12 p.m. · 3 views

CLSA-2023-1701799960 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-45871 - igb: Limit maximum frame Rx based on MTU - igb: Only sync size of expected frame in ethtool testing - igb: Add support for ethtool private flag to allow use of legacy Rx - igb: Add support for using order 1 pages to receive large frames - igb:...

7.8 CVSS · 6.5 AI score · 0.00856 EPSS
Exploits: 0 · References: 1

Snyk
added 2023/03/26 7:52 a.m. · 3 views

Integer Overflow to Buffer Overflow

Overview: Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when 2^31 <= num_frames * height * width * channels < 2^32, for example Full HD screencast of at least 346 frames. PoC import urllib.request dat =...

7.5 CVSS · 7 AI score · 0.00305 EPSS
Exploits: 0 · References: 2

OSV
added 2023/03/25 12:15 a.m. · 8 views

AZL-35312 CVE-2023-25667 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 <= num_frames * height * width * channels < 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5 CVSS · 6.7 AI score · 0.00305 EPSS
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 4:59 a.m. · 3 views

SUSE CVE-2016-6160

tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266...

7.5 CVSS · 6.9 AI score · 0.02133 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:57 a.m. · 4 views

SUSE CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

5.3 CVSS · 7.5 AI score · 0.01291 EPSS
Exploits: 0 · References: 25

RedHat Linux
added 2022/09/09 7:12 a.m. · 3 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/09/30 9:57 a.m. · 4 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/08/19 7:17 a.m. · 3 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/08/11 6:21 p.m. · 3 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/07/12 12:12 p.m. · 4 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/05/19 3:3 p.m. · 5 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/05/06 5:45 p.m. · 5 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8 CVSS · 7.2 AI score · 0.53861 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2021/03/17 3:8 p.m. · 4 views

etcd: Large slice causes panic in decodeRecord method

A flaw was found in etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionall...

6.5 CVSS · 6.9 AI score · 0.01291 EPSS
Exploits: 0 · References: 5

Veracode
added 2020/08/06 6:19 a.m. · 37 views

Denial Of Service (DoS)

github.com/etcd-io/etcd is vulnerable to denial of service. An attacker is able to cause a panic in the decodeRecord method and a denial of service condition in a RAFT participant when decoding the WAL by forging a large frame size...

6.5 CVSS · 3.1 AI score · 0.01291 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2020/08/05 7:15 p.m. · 9 views

AZL-6388 CVE-2020-15106 affecting package etcd for versions less than 3.5.0-3

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

6.5 CVSS · 6.8 AI score · 0.01291 EPSS
Exploits: 0 · References: 1

OSV
added 2020/08/05 7:15 p.m. · 31 views

CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

6.5 CVSS · 6.3 AI score · 0.01256 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2020/08/05 12:0 a.m. · 9 views

PT-2020-14189 · Etcd +4

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22; etcd versions 3.4.0 through 3.4.9. Description: The issue is related to a lack of validation on the size of a record stored in the length field of a WAL file. This allows for the creation of a forged, extreme...

9.8 CVSS · 6.5 AI score · 0.9378 EPSS
Exploits: 4 · References: 144