8 matches found
CLSA-2026-1776939108 nodejs: Fix of CVE-2026-21714
CVE-2026-21714: fix HTTP/2 Http2Session memory leak triggered by a connection-level WINDOWUPDATE that overflows the flow control window...
CVE-2026-21714
A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...
BIT-NODE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...
Denial Of Service (DoS)
thunderbird is vulnerable to denial of service DoS attacks. The vulnerability exists as multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application...
Memory corruption
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...
CVE-2016-2836
CVE-2016-2836 is a memory-safety vulnerability in Mozilla Firefox’s browser engine. The issue affects Firefox versions prior to 48.0 and Firefox ESR 45.x prior to 45.3, enabling a remote attacker to potentially execute arbitrary code or cause a denial of service through various vectors related to...
CVE-2016-2836
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...
CVE-2016-2836
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...