Lucene search
K

301 matches found

OSV
OSV
added 2024/02/29 6:15 a.m.2 views

DEBIAN-CVE-2023-52478

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has four time-of-check vs time-of-use TOCTOU races when it races with itself. hidppconnectevent primarily runs from a workqueue but it also runs o...

4.7CVSS5.4AI score0.00172EPSS
Exploits0References1
Veracode
Veracode
added 2024/02/13 3:57 p.m.27 views

Denial Of Service (DoS)

github.com/envoyproxy/envoy is vulnerability to Denial Of Service DoS. The vulnerability is due to instances with Proxy Protocol version 2 PPv2 enabled on both a listener and a subsequent cluster. When the downstream request has a command type of LOCAL and lacks the protocol block, attempting to...

7.5CVSS6.9AI score0.00693EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2024/02/12 10:27 a.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.3 views

PT-2024-2770 · Envoy +1 · Envoy +1

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.7 Envoy versions prior to 1.27.3 Envoy versions prior to 1.28.1 Envoy versions prior to 1.29.1 Description: The issue is related to pointer dereference errors in the Envoy proxy server. Exploitation of this issue...

7.8CVSS7.6AI score0.00693EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 2024/01/25 8:13 a.m.2 views

kernel: data races around sk->sk_prot

A data race problem was found in sk-skprot in the network subsystem in ipv6 in the Linux kernel. This issue occurs while some functions access critical data, leading to a denial of service...

6.4CVSS6.6AI score0.00301EPSS
Exploits0References5
OSV
OSV
added 2024/01/16 4:15 p.m.3 views

DEBIAN-CVE-2023-45235

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References1
OSV
OSV
added 2024/01/16 4:15 p.m.8 views

AZL-39106 CVE-2023-45230 affecting package edk2 for versions less than 20230301gitf80f052277c8-40

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability...

8.8CVSS7AI score0.01213EPSS
Exploits1References1
OSV
OSV
added 2024/01/16 4:15 p.m.1 views

DEBIAN-CVE-2023-45230

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/12/01 2:19 a.m.6 views

SUSE CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

4CVSS8AI score0.00874EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/11/24 4:57 p.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/11/02 3:29 p.m.11 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2023/10/30 6:22 p.m.14 views

CLSA-2023-1698690146 nginx: Fix of CVE-2023-44487

CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References1
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.6 views

The vulnerability of the ICMPv6 network protocol implementation in Junos QFX5K routers allows a attacker to cause a service failure.

The vulnerability of the ICMPv6 network protocol implementation in Junos QFX5K routers lies in the execution of a loop with an unavailable exit condition when processing WAV/AVI format files. Exploiting this vulnerability allows a remote attacker to cause service failures...

7.8CVSS7.4AI score0.00531EPSS
Exploits0References3Affected Software1
MSRC
MSRC
added 2023/10/10 7:0 a.m.13 views

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service DDoS attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability CVE-2023-44487 impacts any internet exposed HTTP/2 endpoints. As an...

7.5CVSS7.6AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/09/27 6:15 p.m.2 views

CVE-2023-20187

A vulnerability in the Multicast Leaf Recycle Elimination mLRE feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service DoS condition. This...

7.5CVSS5.8AI score0.00652EPSS
Exploits0References1
Citrix
Citrix
added 2023/09/27 12:0 a.m.11 views

Can't view license usage on Studio - Error "Citrix license server unavailable"

Can't view license usage on Studio - "Citrix License server unavailable." When accessing the License Manager web console, error Unsupported Protocol with the message "The client and server don't support a common ssl protocol version or cipher suite" appears...

7.1AI score
Exploits0
OSV
OSV
added 2023/08/04 6:15 p.m.4 views

AZL-27830 CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.3CVSS6.1AI score0.00637EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.5 views

Contiki-NG 缓冲区错误漏洞

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. Contiki-NG suffers from a buffer error vulnerability that stems from the fact that when reading TCP MSS option values from incoming packets, the Contiki-NG operating system does not...

7.3CVSS6.7AI score0.00437EPSS
Exploits0References3
OSV
OSV
added 2023/05/25 10:15 p.m.2 views

UBUNTU-CVE-2023-31130

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

6.4CVSS7AI score0.00333EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.3 views

PT-2023-13512 · Facebook · Hhvm

Name of the Vulnerable Software and Affected Versions: HHVM versions 4.172.0 and all prior versions Description: The issue arises from HHVM using TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated...

9.8CVSS7.5AI score0.00527EPSS
Exploits0References11
Rows per page
Query Builder