Lucene search

3903 matches found

RedhatCVE
added 2024/10/29 2:26 p.m. | 13 views

CVE-2024-10463

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Video frames could have been leaked between origins in some situations...

CVSS 6.5 | AI score 8.4 | EPSS 0.00701
Exploits: 0 | References: 9
NVD
added 2024/10/29 1:15 p.m. | 13 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 | EPSS 0.00701
Exploits: 0 | References: 8
OSV
added 2024/10/29 1:15 p.m. | 10 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 6.5 | AI score 6.9
Exploits: 0 | References: 8
CVE
added 2024/10/29 12:19 p.m. | 300 views

CVE-2024-10463

CVE-2024-10463: Video frames could be leaked between origins in certain scenarios. Affected products include Mozilla Firefox and Thunderbird families with versions older than Firefox 132, ESR 128.4/115.17, and Thunderbird 128.4/132.0.1. The connected advisories confirm the issue and provide reme...

CVSS 7.5 | AI score 6.3 | EPSS 0.00701
Exploits: 0 | References: 8 | Affected Software: 2
Vulnrichment
added 2024/10/29 12:19 p.m. | 18 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

AI score 6.5 | EPSS 0.00701
Exploits: 0 | References: 6
Cvelist
added 2024/10/29 12:19 p.m. | 14 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

EPSS 0.00701
Exploits: 0 | References: 6
Debian CVE
added 2024/10/29 12:19 p.m. | 8 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 | AI score 6.9 | EPSS 0.00701
Exploits: 0
AlpineLinux
added 2024/10/29 12:19 p.m. | 14 views

CVE-2024-10463

Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

CVSS 7.5 | AI score 7 | EPSS 0.00701
Exploits: 0
Mozilla
added 2024/10/29 12:0 a.m. | 12 views

Security Vulnerabilities fixed in Firefox ESR 115.17 — Mozilla

A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. Video frames could have been leaked between origins in some...

CVSS 7.5 | AI score 9.4 | EPSS 0.00701
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/10/21 7:39 p.m. | 157 views

CVE-2024-50045

The CVE-2024-50045 entry concerns a Linux kernel vulnerability in br_netfilter that can panic (crash) when forwarding untagged frames via a VxLAN bridge port, due to an invalid skb_dst handling during fragmentation checks. The root cause is a metadata_dst tunnel destination being treated as valid...

CVSS 5.5 | AI score 5 | EPSS 0.00258
Exploits: 0 | References: 13 | Affected Software: 1
NVD
added 2024/10/21 6:15 p.m. | 13 views

CVE-2024-49997

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure. When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto to pad Ethernet frames...

CVSS 7.5 | EPSS 0.01087
Exploits: 0 | References: 13
OSV
added 2024/10/21 6:2 p.m. | 13 views

CVE-2024-49997 net: ethernet: lantiq_etop: fix memory disclosure

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure. When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto to pad Ethernet frames...

CVSS 7.5 | AI score 6.3 | EPSS 0.01087
Exploits: 0 | References: 13
CNNVD
added 2024/10/21 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to zero out a buffer when using the skb_put_padto function for Ethernet frame stuffing, resulting in...

CVSS 7.5 | AI score 6.7 | EPSS 0.01087
Exploits: 0 | References: 9
Tenable Nessus
added 2024/10/14 12:0 a.m. | 17 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-735)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-735 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

CVSS 9.8 | AI score 7.8 | EPSS 0.91969
Exploits: 1 | References: 6
CNNVD
added 2024/10/07 12:0 a.m. | 2 views

MediaTek chip security vulnerability

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from incorrect validation of wlan frame inputs and possible out-of-bounds writes...

CVSS 9.8 | AI score 6.8 | EPSS 0.00328
Exploits: 0 | References: 3
Amazon
added 2024/10/02 12:0 a.m. | 9 views

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 9.8 | AI score 6.8 | EPSS 0.91969
Exploits: 1
Debian
added 2024/09/27 2:34 p.m. | 15 views

[SECURITY] [DLA 3898-1] nghttp2 security update

Debian LTS Advisory DLA-3898-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 27, 2024 https://wiki.debian.org/LTS -...

CVSS 5.3 | AI score 6.7 | EPSS 0.8496
Exploits: 1
OSV
added 2024/09/26 6:15 p.m. | 4 views

CVE-2024-41715

The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/25 4:29 p.m. | 12 views

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

CVSS 4.3 | AI score 7 | EPSS 0.00246
Exploits: 0 | References: 1
CVE
added 2024/09/25 4:29 p.m. | 74 views

CVE-2024-20434

Cisco IOS XE Software is affected by a CVE-2024-20434 DoS vulnerability where an unauthenticated, adjacent attacker can exploit mis‑handling of frames with VLAN tag information to render the control plane unresponsive. The issue specifically affects the control plane; data plane traffic remains u...

CVSS 4.3 | AI score 7 | EPSS 0.00246
Exploits: 0 | References: 1 | Affected Software: 1