4410 matches found

RedHat Linux
added 2019/12/17 12:56 p.m. | 0 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 7.1 | EPSS 0.50822
Exploits 1 | References 9

BDU FSTEC
added 2019/12/17 12:0 a.m. | 2 views

A vulnerability in the firmware of FortiAnalyzer data collection and analysis devices and the FortiManager centralized management system allows an attacker to gain unauthorized access to the IPMI web interface.

The vulnerability in the firmware of FortiAnalyzer data collection and analysis devices and the FortiManager centralized management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

CVSS 10 | AI score 5.5
Exploits 0 | References 3

BDU FSTEC
added 2019/12/17 12:0 a.m. | 3 views

The vulnerability of the syntax analysis function for URI identifiers of HTTP-servers of TP-Link TL-R600VPN microprogramming devices allows a perpetrator to cause a service failure.

The vulnerability of the syntax analysis function for URI identifiers of HTTP-servers of TP-Link TL-R600VPN software-based routers exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending a specially...

CVSS 7.8 | AI score 7.2 | EPSS 0.03357
Exploits 1 | References 4 | Affected Software 1

RedHat Linux
added 2019/12/16 9:9 a.m. | 4 views

chromium-browser: Incorrect security UI in sharing

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

CVSS 6.5 | AI score 7.4 | EPSS 0.00973
Exploits 0 | References 5

RedHat Linux
added 2019/12/16 9:9 a.m. | 4 views

chromium-browser: Insufficient policy enforcement in payments

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page...

CVSS 4.3 | AI score 7.4 | EPSS 0.02019
Exploits 0 | References 5

CNVD
added 2019/12/11 12:0 a.m. | 3 views

Google Chrome Information Disclosure Vulnerability (CNVD-2019-46754)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability. The vulnerability can be exploited by an attacker to disclose cross-origin data through specially crafted HTML pages...

CVSS 6.5 | AI score 8.1 | EPSS 0.0241
Exploits 1 | References 1

CNVD
added 2019/12/11 12:0 a.m. | 1 views

Google Chrome Input Validation Error Vulnerability (CNVD-2019-46751)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to cause heap corruption with the help of specially crafted HTML pages...

CVSS 8.8 | AI score 8.6 | EPSS 0.02356
Exploits 0 | References 1

CNVD
added 2019/12/11 12:0 a.m. | 3 views

Google Chrome Input Validation Error Vulnerability (CNVD-2019-46756)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to spoof a secure user interface with the help of specially crafted HTML pages...

CVSS 6.5 | AI score 8.4 | EPSS 0.01851
Exploits 0 | References 1

CNVD
added 2019/12/11 12:0 a.m. | 2 views

Google Chrome WebSockets Resource Management Error Vulnerability

Google Chrome is a web browser from Google, and WebSockets is one of the communication protocols used to exchange data between the client and the server. A resource management error vulnerability exists in Google Chrome WebSockets. An attacker can exploit this vulnerability to cause heap corrupti...

CVSS 8.8 | AI score 8.6 | EPSS 0.03525
Exploits 1 | References 1

OSV
added 2019/12/10 10:15 p.m. | 0 views

UBUNTU-CVE-2019-13756

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

CVSS 4.3 | AI score 6.7 | EPSS 0.01851
Exploits 0 | References 4

RedHat Linux
added 2019/12/10 7:59 a.m. | 1 views

httpd: mod_http2: DoS via slow, unneeded request bodies

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 mod_http2 connections...

CVSS 5.3 | AI score 7.1 | EPSS 0.07668
Exploits 0 | References 4

RedHat Linux
added 2019/12/09 1:28 p.m. | 5 views

OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVSS 6.8 | AI score 7.4 | EPSS 0.02946
Exploits 0 | References 4

BDU FSTEC
added 2019/12/09 12:0 a.m. | 1 views

The vulnerability in the Google Chrome browser’s user interface allows a hacker to conceal the secure user interface.

The vulnerability of the user interface in full-screen mode of the Google Chrome browser is related to deficiencies in data storage. Exploiting this vulnerability allows a malicious actor to conceal the secure user interface using a specially crafted HTML page...

CVSS 4.3 | AI score 6.5 | EPSS 0.00493
Exploits 0 | References 10 | Affected Software 4

BDU FSTEC
added 2019/12/09 12:0 a.m. | 2 views

The vulnerability of the V8 component in the Google Chrome browser allows a hacker to trigger a service failure.

The vulnerability of the V8 component in Google Chrome browser is related to reading beyond the buffer limit. Exploiting this vulnerability can allow a malicious actor to cause a service failure through a specially created HTML page...

CVSS 7.1 | AI score 7.3 | EPSS 0.01099
Exploits 0 | References 6 | Affected Software 2

BDU FSTEC
added 2019/12/09 12:0 a.m. | 3 views

The vulnerability of the Google Chrome browser arises from its inability to handle CRLF character sequences, which allows attackers to circumvent navigation restrictions.

The vulnerability of the Google Chrome browser exists due to the failure to address the issue of eliminating CRLF sequences. Exploiting this vulnerability allows a remote attacker to circumvent navigation restrictions by using a specially created HTML page...

CVSS 7.1 | AI score 7.2 | EPSS 0.00094
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2019/12/09 12:0 a.m. | 2 views

The vulnerability of Google Chrome browser, which exists due to the lack of measures taken to protect the structure of web pages, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of Google Chrome exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of protected information through a specially created HTML page...

CVSS 6.1 | AI score 7 | EPSS 0.00083
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2019/12/09 12:0 a.m. | 2 views

The vulnerability of Google Chrome’s WebGL component for the macOS operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of Google Chrome’s WebGL component for macOS operating systems relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information through the...

CVSS 9.3 | AI score 7.8 | EPSS 0.0152
Exploits 0 | References 6 | Affected Software 1

BDU FSTEC
added 2019/12/03 12:0 a.m. | 1 views

The vulnerability of the Apache HTTP Server web server, related to uncontrolled resource consumption, allows attackers to cause service interruptions.

The vulnerability of the Apache HTTP Server web server is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/2 requests...

CVSS 5.3 | AI score 6.6 | EPSS 0.20811
Exploits 0 | References 13 | Affected Software 4

BDU FSTEC
added 2019/12/03 12:0 a.m. | 2 views

The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows attackers to obtain cross-origin URLs.

The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain cross-origin URLs through a specially created HTML page...

CVSS 7.8 | AI score 7.1 | EPSS 0.00888
Exploits 0 | References 8 | Affected Software 2

BDU FSTEC
added 2019/12/03 12:0 a.m. | 1 views

The vulnerability of Google Chrome arises from insufficient validation of input data, allowing a hacker to replace the user interface in the “Extensions” tab.

The vulnerability of Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace the user interface in the “Extensions” tab using a specially created HTML page...

CVSS 5 | AI score 6.7 | EPSS 0.00774
Exploits 0 | References 8 | Affected Software 2