4434 matches found
Security Bulletin: Vulnerability in nghttp2 library (CVE-2023-44487) affects Power HMC
Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2...
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
CVE-2024-3302
CVE-2024-3302 describes an unbounded processing of HTTP/2 CONTINUATION frames, enabling an Out of Memory condition in the browser. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird
CVE-2024-3302
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
SUSE-SU-2024:1308-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...
SUSE-SU-2024:1305-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...
Security Vulnerabilities fixed in Firefox 125 — Mozilla
GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...
Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla
GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...
Mozilla Firefox < 125.0
The version of Firefox installed on the remote Windows host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)
The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to...
Mozilla Firefox < 125.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...
Mozilla Firefox ESR < 115.10
The version of Firefox ESR installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-19 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...
Debian dsa-5662 : apache2 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - Faulty input...
Traefik affected by HTTP/2 CONTINUATION flood in net/http
There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the CVE-2023-45288. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Workarounds No workaround For more information If you have...
GHSA-7F4J-64P6-5H5V Traefik affected by HTTP/2 CONTINUATION flood in net/http
There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the CVE-2023-45288. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Workarounds No workaround For more information If you have...
Mageia: Security Advisory (MGASA-2024-0124)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...