3903 matches found

RedHat Linux
added 2024/08/21 12:34 a.m., 3 views

kernel: virtio-net: tun: mlx5_core short frame denial of service

A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETH_HLEN...

CVSS 7.1, AI score 7.2, EPSS 0.00256
Exploits: 0, References: 6

RedHat Linux
added 2024/08/21 12:17 a.m., 7 views

kernel: virtio-net: tun: mlx5_core short frame denial of service

A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETH_HLEN...

CVSS 7.1, AI score 7.2, EPSS 0.00256
Exploits: 0, References: 6

Amazon
added 2024/08/21 12:0 a.m., 9 views

Medium: oci-add-hooks

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5, AI score 6.9, EPSS 0.91969
Exploits: 1

Amazon
added 2024/08/21 12:0 a.m., 6 views

Medium: oci-add-hooks

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5, AI score 6.9, EPSS 0.91969
Exploits: 1

Tenable Nessus
added 2024/08/21 12:0 a.m., 18 views

Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2024-043)

The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-043 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

CVSS 7.5, AI score 7.6, EPSS 0.91969
Exploits: 1, References: 4

Tenable Nessus
added 2024/08/20 12:0 a.m., 17 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2214)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaini...

CVSS 7.5, AI score 7.8, EPSS 0.91969
Exploits: 1, References: 3

Redos
added 2024/08/15 12:0 a.m., 18 views

ROS-20240815-06

Vulnerability in the HTTP/2 protocol implementation of Mozilla Firefox, Firefox ESR and the mail client Thunderbird is related to uncontrolled resource consumption as a result of incorrect limitation on the field block size when processing CONTINUATION frames...

CVSS 3.7, AI score 6.8, EPSS 0.00759
Exploits: 0

Redos
added 2024/08/14 12:0 a.m., 28 views

ROS-20240814-05

A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Exploitatio...

CVSS 8.1, AI score 8.6, EPSS 0.0107
Exploits: 3

RedHat Linux
added 2024/08/13 12:13 a.m., 4 views

kernel: virtio-net: tap: mlx5_core short frame denial of service

A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size = ETH_HLEN...

CVSS 7.1, AI score 7.2, EPSS 0.00256
Exploits: 0, References: 6

Oracle Linux
added 2024/08/12 12:0 a.m., 274 views

Unbreakable Enterprise kernel security update

5.15.0-209.161.7 - loop: Fix a race between loop detach and loop open Gulam Mohamed Orabug: 36865975 5.15.0-209.161.6 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879156 CVE-2024-41090 CVE-2024-41091 - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs...

AI score 8.4, EPSS 0.00256
Exploits: 0

Oracle Linux
added 2024/08/12 12:0 a.m., 49 views

Unbreakable Enterprise kernel-container security update

5.4.17-2136.334.6.el7 - loop: Fix a race between loop detach and loop open Gulam Mohamed Orabug: 36197800 - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs Alexandre Chartre Orabug: 36672495 - x86/bhi: Avoid warning in DB handler due to BHI mitigation Alexandre Chartre...

CVSS 9.8, AI score 10, EPSS 0.02701
Exploits: 2

Oracle Linux
added 2024/08/12 12:0 a.m., 42 views

Unbreakable Enterprise kernel security update

4.14.35-2047.539.5 - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits, again' Jan Kara - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879158 CVE-2024-41090 CVE-2024-41091 4.14.35-2047.539.4 - Fix parsing error in UEK5 kernel-uek-spec Yifei Liu Orabug: 368471...

AI score 6.9, EPSS 0.00256
Exploits: 0

Oracle Linux
added 2024/08/12 12:0 a.m., 57 views

Unbreakable Enterprise kernel security update

5.4.17-2136.334.6 - loop: Fix a race between loop detach and loop open Gulam Mohamed Orabug: 36197800 - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs Alexandre Chartre Orabug: 36672495 - x86/bhi: Avoid warning in DB handler due to BHI mitigation Alexandre Chartre Orabug...

CVSS 9.8, AI score 9.9, EPSS 0.02701
Exploits: 2

RedHat Linux
added 2024/08/08 5:23 p.m., 1 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVSS 7.5, AI score 7.1, EPSS 0.91327
Exploits: 2, References: 7

RedHat Linux
added 2024/08/08 5:23 p.m., 1 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVSS 7.5, AI score 7.1, EPSS 0.91327
Exploits: 2, References: 7

RedHat Linux
added 2024/08/08 5:22 p.m., 1 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVSS 7.5, AI score 7.1, EPSS 0.91327
Exploits: 2, References: 7

RedHat Linux
added 2024/08/08 5:22 p.m., 2 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVSS 7.5, AI score 7.1, EPSS 0.91327
Exploits: 2, References: 7

OSV
added 2024/08/06 4:15 p.m., 0 views

DEBIAN-CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 3.1, AI score 6, EPSS 0.00365
Exploits: 0, References: 1

UbuntuCve
added 2024/08/06 4:15 p.m., 14 views

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 3.1, AI score 6.8, EPSS 0.00365
Exploits: 0, References: 1

CVE
added 2024/08/06 3:37 p.m., 92 views

CVE-2024-6996

CVE-2024-6996 describes a race in Chrome/Chromium's Frames that enables UI spoofing when a user is induced to perform specific UI gestures on a crafted HTML page. Affected software is Google Chrome/Chromium prior to version 127.0.6533.72. The underlying issue is a race condition in Frames; exploi...

CVSS 3.1, AI score 6.4, EPSS 0.00365
Exploits: 0, References: 2, Affected Software: 1