3903 matches found
Google Chrome Code Execution Vulnerability (CNVD-2024-33608)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from a security issue with Frames. An attacker can exploit the vulnerability to execute arbitrary code on the system...
KLA71043 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
Important: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...
Unbreakable Enterprise kernel security update
5.15.0-208.159.3.2 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.333.5.1.el7 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755 - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 Alan Adamson Orabug: 36836653...
Unbreakable Enterprise kernel security update
4.1.12-124.87.2.2 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from a security issue with Frames. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Unbreakable Enterprise kernel security update
4.14.35-2047.538.5.1 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755...
Unbreakable Enterprise kernel security update
5.4.17-2136.333.5.1 - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36660755 - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 Alan Adamson Orabug: 36836653...
RHEL 9 : nodejs (RHSA-2024:4721)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4721 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2024-039 (ALASECS-2024-039)
The version of ecs-init installed on the remote host is prior to 1.84.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-039 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
Google Chrome < 127.0.6533.72 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 127.0.6533.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop23 advisory. - Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-2030)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
Medium: ecs-init
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure. The kcalloc in dmirror_device_evict_chunk will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer...
nghttp2: CONTINUATION frames DoS
A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...