A vulnerability in the ANGLE component of the Google Chrome web browser allows an attacker to compromise data integrity, cause service failures, or gain unauthorized access to confidential information.
A vulnerability in the ANGLE component of the Google Chrome browser is related to operations performed within the bounds of a data buffer. Exploiting this vulnerability could allow an attacker to compromise data integrity, cause service failures, or gain unauthorized access to confidenti...
A vulnerability in the security interface of Google Chrome’s pop-up blockers allows attackers to compromise data integrity.
A vulnerability in the security interface of Google Chrome’s pop-up blockers is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to compromise data integrity through a specially crafted HTML page...
October 3, 2017, update for Office 2016 (KB4011036)
This article describes update 4011036 for Microsoft Office 2016 that was released on October 3, 2017. This update has a prerequisite. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition o...
PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack
A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up...
Google Chrome Resource Management Error Vulnerability (CNVD-2020-26222)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service via specially crafted HTML pages...
USN-4321-1 haproxy vulnerability
Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code...
chromium-browser: Use after free in WebAudio
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
httpd: memory corruption on early pushes
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash...
HTTP/2: request for large response leads to denial of service
A vulnerability was found in HTTP/2. An attacker can open an HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...
HTTP/2: flood using empty frames results in excessive resource consumption
A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
PT-2020-12350 · Draytek · Draytek Vigor2960 +2
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 versions prior to 1.5.1; Draytek Vigor2960 versions prior to 1.5.1; Draytek Vigor300B versions prior to 1.5.1. Description: A stack-based buffer overflow in the apmd service allows remote attackers to achieve code execution via...
Artica Pandora FMS Code Issue Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in File Manager in Artica Pandora FMS 7.42 and prior versions. An attacker can exploit t...
Google Chrome memory misreference vulnerability (CNVD-2020-19204)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A memory misreference vulnerability exists in audio in versions prior to Google Chrome 80.0.3987.149. A remote attacker can exploit this vulnerability to leverage...
Unspecified Vulnerability in NETSAS Enigma NMS
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier, which stems from the program's use of a weak authentication mechanism over the HTTP protocol. The vulnerability can be...
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...
PT-2020-11933 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix Gateway versions 11.1 through 12.1. Description: The issue concerns an Inconsistent Interpretation of HTTP Requests. It is noted that Citrix disputes the reported behavior as not a security issue, stating that Citrix ADC only caches...
HTTP/2: flood using SETTINGS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...