AZL-33604 CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33585 CVE-2021-44716 affecting package git-lfs for versions less than 3.1.4-17

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33612 CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33613 CVE-2021-44716 affecting package moby-buildx for versions less than 0.7.1-18

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

Debian DLA-2863-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2863 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...

Denial Of Service (DoS)

golang is vulnerable to denial of service. The vulnerability exists due to an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function which allows an attacker to submits maliciously crafted requests to applications linked with net/http's http2...

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a use-after-free that occur when an HTTP2 session object was released on a different thread...

Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:1552-1 Rating: important References: 1190053 1190054 1190055 1190056 1190057 1191601 1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134...

CVE-2021-43535

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-43535

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVE-2021-43535

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

Design/Logic Flaw

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

Design/Logic Flaw

A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-38507

CVE-2021-38507 describes a vulnerability in HTTP/2 Opportunistic Encryption (RFC 8164) where, if a second encrypted port on the same IP (e.g., 8443) did not opt in, a network attacker could forward 443 to 8443 and trick the browser into treating the content as same-origin with HTTP. The issue was...

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVE-2021-43535

CVE-2021-43535 is a memory-safety vulnerability in Mozilla browsers where an HTTP2 session object could be released on a different thread, causing use-after-free, memory corruption, and a potentially exploitable crash. The consolidated information across sources indicates the issue affects Firefo...