Lucene search
K

8 matches found

OSV
OSV
added 2026/04/23 10:11 a.m.8 views

CLSA-2026-1776939108 nodejs: Fix of CVE-2026-21714

CVE-2026-21714: fix HTTP/2 Http2Session memory leak triggered by a connection-level WINDOWUPDATE that overflows the flow control window...

5.3CVSS6.9AI score0.00454EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 7:7 p.m.1 views

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS5.9AI score0.00454EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/06/04 9:49 a.m.33 views

BIT-NODE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

8.2CVSS6.8AI score0.87211EPSS
Exploits1References11
Veracode
Veracode
added 2019/01/15 9:12 a.m.24 views

Denial Of Service (DoS)

thunderbird is vulnerable to denial of service DoS attacks. The vulnerability exists as multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application...

8.8CVSS9.5AI score0.0289EPSS
Exploits0References22Affected Software2
Prion
Prion
added 2016/08/05 1:59 a.m.23 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...

6.8CVSS8.6AI score0.0289EPSS
Exploits0References19Affected Software2
CVE
CVE
added 2016/08/05 1:0 a.m.113 views

CVE-2016-2836

CVE-2016-2836 is a memory-safety vulnerability in Mozilla Firefox’s browser engine. The issue affects Firefox versions prior to 48.0 and Firefox ESR 45.x prior to 45.3, enabling a remote attacker to potentially execute arbitrary code or cause a denial of service through various vectors related to...

8.8CVSS9.7AI score0.0289EPSS
Exploits0References19Affected Software1
RedhatCVE
RedhatCVE
added 2016/08/03 4:48 a.m.33 views

CVE-2016-2836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...

8.8CVSS7.7AI score0.0289EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/08/03 12:0 a.m.29 views

CVE-2016-2836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...

8.8CVSS7.5AI score0.0289EPSS
Exploits0References5
Rows per page
Query Builder