Important: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary...

GHSA-H3Q4-6J7F-R24C priority vulnerable to denial of service

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

VulFi - Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries

The VulFi Vulnerability Finder tool is a plugin to IDA Pro which can be used to assist during bug hunting in binaries. Its main objective is to provide a single view with all cross-references to the most interesting functions such as strcpy, sprintf, system, etc.. For cases where a Hexrays...

9 Steps Necessary for Infrastructure Security

By Waqas The ever-present threat of cyber security attacks has made IT infrastructure security a priority for most businesses. Cybercriminals… This is a post from HackRead.com Read the original post: 9 Steps Necessary for Infrastructure Security...

March 28, 2022—KB5011563 (OS Build 22000.593) Preview

March 28, 2022—KB5011563 OS Build 22000.593 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11 original release, see its update history page.Note Follow @WindowsUpdate to...

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS fram...

CVE-2022-24666

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS fram...

swift-nio-http2 安全漏洞

swift-nio-http2 is a SwiftPM project that can be built and tested very easily. A security vulnerability exists in swift-nio-http2 that stems from the fact that programs that use swift-nio-http2 are susceptible to a denial-of-service attack, which is caused by a network peer sending a specially...

PT-2022-16784 · Apple · Swift-Nio-Http2

Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.1 Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack is caused by a logical erro...

CVE-2021-44840

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

Exploit for OS Command Injection in Gerapy

CVE-2021-43857 Gerapy prior to version 0.9.8 is vulnerable to...

GSD-2021-1002747 net: stmmac: fix tc flower deletion for VLAN priority Rx steering

net: stmmac: fix tc flower deletion for VLAN priority Rx steering This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP has identified 32 apps that are affected by CVE-2021-44228 – the critical vulnerability in the Apache Log4j Java-based logging library that’s been under active attack since last week. As of yesterday, Patch Tuesday, the German software maker reported that it’s already patched 20 of those apps...

DEBIAN-CVE-2018-25021

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service DoS...

UBUNTU-CVE-2018-25021

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service DoS...

Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021

Hello everyone! In this episode I want to highlight the latest changes in my Vulristics project. For those who dont know, this is a utility for prioritizing CVE vulnerabilities based on data from various sources.. Currently Microsoft, NVD, Vulners, AttackerKB. Command Line Interface I started...

gnome-shell 安全漏洞

gnome-shell is a shell that provides core user interface functionality such as switching windows, launching applications or viewing notifications for the GNOME desktop. A security vulnerability exists in gnome-shell, where an attacker with low privileged privileges may be able to exploit the...

CVE-2020-18684

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...

Integer overflow

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number...