SUSE CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

DEBIAN-CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

shim: RCE in http boot support may lead to Secure Boot bypass

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 125, which stems from a lack of a limit on the number of HTTP/2 CONTINUATION frames that need to be processed, which could lead to memory...

PT-2024-3722 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...

PT-2024-3087 · Google +5 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.60 Description: The issue is related to an out of bounds read in the Fonts component of Google Chrome, which can be exploited by a remote attacker to obtain potentially sensitive information from...

UBUNTU-CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax...

OESA-2024-1380 cri-tools security update

CLI and validation tools for Container Runtime Interface Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A malicious HTTP/2 client which...

Enpass Password Manager 安全漏洞

Enpass Password Manager is a cross-platform offline password manager from Enpass. A security vulnerability exists in Enpass Password Manager version 6.9.2, which stems from an HTML injection vulnerability that allows an attacker to run arbitrary HTML code by creating carefully crafted comments...

PT-2024-21369 · Enpass · Enpass Password Manager Desktop Client

Name of the Vulnerable Software and Affected Versions: Enpass Password Manager Desktop Client version 6.9.2 Description: The issue allows attackers to run arbitrary HTML code via the creation of a crafted note, potentially leading to HTML injection. This can occur in the Enpass Password Manager...

SUSE SLES12 Security Update : nghttp2 (SUSE-SU-2024:1156-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1156-1 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading...

ROS-20240409-11

Vulnerability in the WatchAnalytics extension of the hypertext environment implementation software tool MediaWiki is related to XSS exploitation using the Special:PageStatistics page parameter. Exploitation The exploitation of the vulnerability could allow a remote attacker to perform cross-site...

The vulnerability of the extension of the Wikibase software for implementing the MediaWiki hypertext environment allows a hacker to cause a service failure.

The vulnerability of the extension of the Wikibase software for implementing the MediaWiki hypertext environment is related to the lack of speed limits on the merging of elements. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the SportsTeams extension of the software for implementing the MediaWiki hypertext environment allows a hacker to compromise the integrity of the protected information.

The vulnerability of the SportsTeams extension of the MediaWiki software, which is used to implement a hypertext environment, relates to the lack of permission checking. Exploiting this vulnerability could allow an attacker operating remotely to compromise the integrity of the protected informati...

The vulnerability lies in the implementation of the HTTP/2 utility in the command-line tool cURL, which allows a attacker to cause a service failure.

The vulnerability of the HTTP/2 command-line utility implementation in CURL is related to memory leak errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

The vulnerability of Google Chrome’s Swiftshader library allows a hacker to gain unauthorized access to protected information.

The vulnerability of Google Chrome’s Swiftshader library relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created HTML page...

The vulnerability of the Canvas component in the Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the Canvas component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a local attacker to execute arbitrary code using a specially created HTML page...

The vulnerability of Google Chrome’s user interface allows a perpetrator to replace the user interface.

The vulnerability of Google Chrome’s user interface is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...

CVE-2023-45288

...

The vulnerability of the Apache HTTP Server web server, related to uncontrolled resource consumption, allows attackers to cause service interruptions.

The vulnerability of the Apache HTTP Server’s web server in terms of the implementation of the HTTP/2 protocol is related to an uncontrolled resource consumption due to incorrect determination of the end of headers during the processing of CONTINUATION requests. Exploiting this vulnerability can...