1881 matches found
CVE-2025-54500
CVE-2025-54500 describes an HTTP/2 implementation flaw that allows a DoS via malformed HTTP/2 control frames to break the max concurrent streams limit (the MadeYouReset attack). Affected products are F5 BIG-IP and BIG-IP Next families with multiple vulnerable branches; affected versions include B...
CVE-2025-54500 HTTP/2 Vulnerability
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-55163
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...
CVE-2025-55163
Netty (HTTP/2) vulnerability CVE-2025-55163: a logic flaw in HTTP/2 control frames (MadeYouReset) can bypass max concurrent streams, causing resource exhaustion and DoS. Affected: Netty versions before 4.1.124.Final and 4.2.4.Final. Impact: high availability risk; no confidentiality/integrity imp...
CVE-2025-55163 Netty MadeYouReset HTTP/2 DDoS Vulnerability
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...
K000152001: HTTP/2 vulnerability CVE-2025-54500
Security Advisory Description: An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames to break the maximum concurrent streams limit (HTTP/2 MadeYouReset Attack). CVE-2025-54500. Impact: This vulnerability allows a remote, unauthenticated attacker to caus...
PT-2025-33005
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: An implementation flaw in HTTP/2 can lead to a denial-of-service (DoS) condition. This occurs through the use of malformed HTTP/2 control frames, which disrupt the maximum concurrent streams limit,...
Linux Distros Unpatched Vulnerability : CVE-2024-35982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table...
PT-2025-32666 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.8 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through...
BIT-LIBPHP-2023-0568 Array overrun in common path resolve code
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...
Linux Distros Unpatched Vulnerability : CVE-2024-26818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mountpoint var size clang is reporting this warning: $...
Linux Distros Unpatched Vulnerability : CVE-2019-11479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly mo...
Linux Distros Unpatched Vulnerability : CVE-2023-52429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a...
Linux Distros Unpatched Vulnerability : CVE-2024-53225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift When configuring a kernel with...
Linux Distros Unpatched Vulnerability : CVE-2024-26692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion...
Linux Distros Unpatched Vulnerability : CVE-2022-50221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid...
Linux Distros Unpatched Vulnerability : CVE-2022-49952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the...
SUSE CVE-2025-38481
In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large The handling of the COMEDI_INSNLIST ioctl allocates a kernel buffer to hold the array of struct comedi_insn, getting the length from the n_insns member of the struct...
AZL-65922 CVE-2025-38481 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large The handling of the COMEDI_INSNLIST ioctl allocates a kernel buffer to hold the array of struct comedi_insn, getting the length from the n_insns member of the struct...