4430 matches found
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10...
CVE-2024-3302
CVE-2024-3302 describes an unbounded processing of HTTP/2 CONTINUATION frames, enabling an Out of Memory condition in the browser. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird
SUSE-SU-2024:1308-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)...
SUSE-SU-2024:1305-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)...
Mozilla Firefox < 125.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)
The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to...
Security Vulnerabilities fixed in Firefox 125 — Mozilla
GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...
Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla
GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...
Debian dsa-5662 : apache2 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - Faulty input...
Mozilla Firefox ESR < 115.10
The version of Firefox ESR installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-19 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...
Mozilla Firefox < 125.0
The version of Firefox installed on the remote Windows host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows...
Traefik affected by HTTP/2 CONTINUATION flood in net/http
There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the CVE-2023-45288. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Workarounds No workaround For more information If you have...
GHSA-7F4J-64P6-5H5V Traefik affected by HTTP/2 CONTINUATION flood in net/http
There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the CVE-2023-45288. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Workarounds No workaround For more information If you have...
Mageia: Security Advisory (MGASA-2024-0128)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2024-0124)
The remote host is missing an update for the...
Debian dsa-5659 : trafficserver - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5659 advisory. - HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 a...
Updated golang packages fix security vulnerability
CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
MGASA-2024-0128 Updated golang packages fix security vulnerability
CVE-2023-45288: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...