38 matches found
Astra Linux - уязвимость в firefox
In a non-standard configuration of Firefox, an integer overflow could have occurred due to network traffic possibly under the influence of a local unprivileged web page, resulting in an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference...
curl: curl’s persistence files inherit world-readable/writable perms from umask, leaking and tampering with cookies/HSTS/Alt-Svc caches
Executive Summary Curlfopen clones the permissions of any pre-existing persistence file when creating its temporary file. When the persistence file does not exist, it first creates one with the process umask typically 022, i.e., 0644. That mode is then copied to the temp file via 0600 | sb.stmode...
EUVD-2023-1597
Malicious code in bioql PyPI...
CVE-2022-24668
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...
USN-6404-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-5169, CVE-2023-5170,...
GHSA-PGFX-G6RC-8CJV swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...
K49902412: nghttp vulnerability CVE-2018-1000168
Security Advisory Description nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability,...
SUSE CVE-2018-1000168
nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...
Denial of Service (DoS)
Overview apple/swift-nio-http2 is a HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service DoS. This can be caused by a network peer sending ALTSVC or ORIGIN frames, due to a logical error after frame parsing but before frame handling. Details Denial of...
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC o...
GHSA-GPGX-WHWH-R297 Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC o...
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC o...
CVE-2022-24668
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...
CVE-2022-24668
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...
Design/Logic Flaw
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...
CVE-2022-24668
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...
CVE-2022-24668
CVE-2022-24668 affects the Swift NIO HTTP/2 library (swift-nio-http2) across versions 1.0.0–1.19.1. The root cause is a logic error after frame parsing but before frame handling: ALTSVC and ORIGIN frames, which are not supported, are mishandled via a trap in one code path. This can be exploited b...
PT-2022-16786 · Apple · Swift-Nio-Http2
Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.1 Description: A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack is caused by a logical error after...
SUSE SLES12 Security Update : nghttp2 (SUSE-SU-2021:0932-1) (Data Dribble) (Resource Loop)
This update for nghttp2 fixes the following issues : Security issues fixed : CVE-2020-11080: HTTP/2 Large Settings Frame DoS bsc1181358. CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. CVE-2019-9511: Fixed...