301 matches found
RIOT RIOT-OS 代码问题漏洞
RIOT-OS is an operating system that supports IoT devices and contains a network stack capable of handling 6LoWPAN frames. A denial of service vulnerability exists in versions of RIOT-OS prior to 2022.10, which can be exploited by an attacker to launch a denial of service attack...
undertow: Server identity in https connection is not checked by the undertow client
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...
CVE-2023-20081
A vulnerability in the IPv6 DHCP DHCPv6 client module of Cisco Adaptive Security Appliance ASA Software, Cisco Firepower Threat Defense FTD Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an...
SUSE CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in 1 HttpMsg.c and 2 HttpStatusLine.c...
SUSE CVE-2015-1465
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...
SUSE CVE-2015-8787
The nfnatredirectipv4 function in net/netfilter/nfnatredirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured...
SUSE CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
SUSE CVE-2019-10081
HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client...
SUSE CVE-2022-3435
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fibsemantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to appl...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
CVE-2022-39317 Out of bounds read in zgfx decoder in FreeRDP
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in versio...
Contiki-NG 安全漏洞
Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG 4.7 and earlier versions, which stems from a buffer overflow that could be caused when an attacker copies an IPv6 address prefix in the...
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).
...
CVE-2022-27775
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead...
Server Message Block (SMB) Protocol Version Detection
The Server Message Block SMB Protocol provides shared access to files and printers across nodes on a network. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid160486; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/05/04";...
undertow: client side invocation timeout raised when calling over HTTP2
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...
Mageia: Security Advisory (MGASA-2014-0416)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-22155
An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator FPC of an ACX5448 router. The continuous flapping of an IPv6 neighbor with...
DEBIAN-CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33638 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.7.10-19
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...