Lucene search

4434 matches found

IBM Security Bulletins
added 2024/04/16 4:51 p.m. | 43 views

Security Bulletin: Vulnerability in nghttp2 library (CVE-2023-44487) affects Power HMC

Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2...

7.5 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1
NVD
added 2024/04/16 4:15 p.m. | 21 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

3.7 CVSS | 5.4 AI score | 0.00759 EPSS
Exploits 0 | References 7
OSV
added 2024/04/16 4:15 p.m. | 5 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

3.7 CVSS | 4.8 AI score
Exploits 0 | References 7
UbuntuCve
added 2024/04/16 4:15 p.m. | 25 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

3.7 CVSS | 6.3 AI score | 0.00759 EPSS
Exploits 0 | References 5
Vulnrichment
added 2024/04/16 3:14 p.m. | 18 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

6.1 AI score | 0.00759 EPSS
Exploits 0 | References 7
Cvelist
added 2024/04/16 3:14 p.m. | 29 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

5.8 AI score | 0.00759 EPSS
Exploits 0 | References 7
CVE
added 2024/04/16 3:14 p.m. | 1148 views

CVE-2024-3302

CVE-2024-3302 describes an unbounded processing of HTTP/2 CONTINUATION frames, enabling an Out of Memory condition in the browser. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird

3.7 CVSS | 5.6 AI score | 0.00759 EPSS
Exploits 0 | References 7 | Affected Software 2
Debian CVE
added 2024/04/16 3:14 p.m. | 31 views

CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

3.7 CVSS | 7.1 AI score | 0.00759 EPSS
Exploits 0
OSV
added 2024/04/16 9:32 a.m. | 8 views

SUSE-SU-2024:1308-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...

8.2 CVSS | 7.4 AI score | 0.87211 EPSS
Exploits 1 | References 5
OSV
added 2024/04/16 9:31 a.m. | 8 views

SUSE-SU-2024:1305-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...

8.2 CVSS | 7.4 AI score | 0.87211 EPSS
Exploits 1 | References 5
Mozilla
added 2024/04/16 12:0 a.m. | 111 views

Security Vulnerabilities fixed in Firefox 125 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...

8.8 CVSS | 7.9 AI score | 0.00857 EPSS
Exploits 0 | References 17 | Affected Software 1
Mozilla
added 2024/04/16 12:0 a.m. | 50 views

Security Vulnerabilities fixed in Firefox ESR 115.10 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. The JIT created incorrect code for arguments in certain cases. This led to potential...

9.8 CVSS | 7.9 AI score | 0.00812 EPSS
Exploits 1 | References 10 | Affected Software 1
Tenable Nessus
added 2024/04/16 12:0 a.m. | 65 views

Mozilla Firefox < 125.0

The version of Firefox installed on the remote Windows host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows...

9.8 CVSS | 7.6 AI score | 0.00857 EPSS
Exploits 1 | References 17
Tenable Nessus
added 2024/04/16 12:0 a.m. | 40 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)

The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to...

9.8 CVSS | 7.9 AI score | 0.00847 EPSS
Exploits 2 | References 10
Tenable Nessus
added 2024/04/16 12:0 a.m. | 43 views

Mozilla Firefox < 125.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 125.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-18 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...

9.8 CVSS | 7.6 AI score | 0.00857 EPSS
Exploits 1 | References 17
Tenable Nessus
added 2024/04/16 12:0 a.m. | 35 views

Mozilla Firefox ESR < 115.10

The version of Firefox ESR installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-19 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...

9.8 CVSS | 7.5 AI score | 0.00847 EPSS
Exploits 2 | References 10
Tenable Nessus
added 2024/04/16 12:0 a.m. | 75 views

Debian dsa-5662 : apache2 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - Faulty input...

7.5 CVSS | 6.9 AI score | 0.91327 EPSS
Exploits 3 | References 15
Github Security Blog
added 2024/04/15 6:14 p.m. | 26 views

Traefik affected by HTTP/2 CONTINUATION flood in net/http

There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the CVE-2023-45288. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Workarounds No workaround For more information If you have...

7.5 CVSS | 7 AI score | 0.91969 EPSS
Exploits 1 | References 4 | Affected Software 2
OSV
added 2024/04/15 6:14 p.m. | 36 views

GHSA-7F4J-64P6-5H5V Traefik affected by HTTP/2 CONTINUATION flood in net/http

There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the CVE-2023-45288. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Workarounds No workaround For more information If you have...

8.1 AI score
Exploits 0 | References 4
OpenVAS
added 2024/04/15 12:0 a.m. | 21 views

Mageia: Security Advisory (MGASA-2024-0124)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.1 AI score | 0.03663 EPSS
Exploits 0 | References 4