Lucene search
K

100 matches found

Positive Technologies
Positive Technologies
added 2024/02/15 12:0 a.m.5 views

PT-2024-2655 · Libcurl +12 · Libcurl +12

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to a memory leak in libcurl when handling HTTP/2 server push. When the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts...

8.6CVSS6.7AI score0.36081EPSS
Exploits10References123
Vulnrichment
Vulnrichment
added 2023/05/27 3:21 a.m.10 views

CVE-2023-32688 Invalid push request payload crashes Parse Server

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

4.9CVSS7.5AI score0.009EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/05/22 7:50 p.m.4 views

@evocodes/parse-server (>=2.2.11 <=2.2.27), @m1r4ge/parse-server (>=2.2.7 <=2.2.11) +36 more potentially affected by CVE-2023-32688 via parse-server-push-adapter (>=1.0.4 <=1.3.0)

parse-server-push-adapter NPM version =1.0.4, =2.2.11, =2.2.7, =2.2.7, =0.1.7, =0.0.1, =1.0.0, =2.2.3, =2.3.8, =2.2.18-mod, =2.2.25, =2.2.17, =2.3.3 and more Source cves: CVE-2023-32688 Source advisory: OSV:GHSA-MXHG-RVWX-X993...

7.5CVSS7.1AI score0.009EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.3 views

SUSE CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted UR...

2.6CVSS7.2AI score0.01787EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.3 views

SUSE CVE-2013-1696

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses...

4CVSS8.4AI score0.01661EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.17 views

Mozilla Firefox Security Advisory (MFSA2013-58) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4CVSS6.5AI score0.01661EPSS
Exploits1References3
Akamai Blog
Akamai Blog
added 2021/10/14 1:0 p.m.4 views

Integrating Akamai mPulse with Consent Management Providers

Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the...

6.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.4 views

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

...

7.5CVSS7AI score0.89744EPSS
Exploits0
OSV
OSV
added 2020/08/07 4:15 p.m.4 views

ALPINE-CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

7.5CVSS6.9AI score0.89744EPSS
Exploits0References1
Akamai Blog
Akamai Blog
added 2020/06/09 5:45 p.m.70 views

How to Verify Adaptive Acceleration Features are Working on Browser

As we know, Adaptive Acceleration's umbrella consists of the below features: 1. Automatic Push/Preconnect 2. Resource Optimizer 3. Automatic Font Preload 4. Script Management To read more about these features, please refer to Akamai Community. Now let's see how we can validate if these features a...

0.4AI score
Exploits0
OSV
OSV
added 2019/08/15 10:15 p.m.4 views

ALPINE-CVE-2019-10081

HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client...

7.5CVSS6.8AI score0.14563EPSS
Exploits1References1
Akamai Blog
Akamai Blog
added 2017/03/21 5:19 p.m.28 views

HTTP/2 Server Push: The What, How and Why

What is HTTP/2 Server Push? How does it work? Why is it valuable? If you are looking for the answers to these questions, you've come to the right place. What it is HTTP/2 h2 Server Push is one of the performance features included in version 2 of the HTTP protocol. It allows the Web server to "pus...

6.3AI score
Exploits0
NVD
NVD
added 2013/06/26 3:19 a.m.18 views

CVE-2013-1696

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses...

4CVSS6.2AI score0.01661EPSS
Exploits1References6
Prion
Prion
added 2013/06/26 3:19 a.m.17 views

Design/Logic Flaw

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses...

4CVSS6.7AI score0.01661EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2013/06/26 1:0 a.m.18 views

CVE-2013-1696

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses...

6.1AI score0.01661EPSS
Exploits1References6
CVE
CVE
added 2013/06/26 1:0 a.m.122 views

CVE-2013-1696

CVE-2013-1696 affects Mozilla Firefox prior to 22.0 where X-Frame-Options protection is not enforced when using server push with multipart responses, enabling clickjacking via crafted pages. The issue is tracked in MFSA 2013-58 and was addressed by Mozilla in Firefox 22.0 and later. OpenSUSE/NVD ...

4CVSS6AI score0.01661EPSS
Exploits1References6Affected Software1
Mozilla
Mozilla
added 2013/06/25 12:0 a.m.36 views

X-Frame-Options ignored when using server push with multi-part responses — Mozilla

Bugzilla developer Frédéric Buclin reported that the X-Frame-Options header is ignored when server push is used in multi-part responses. This can lead to potential clickjacking on sites that use X-Frame-Options as a protection...

4CVSS1.3AI score0.01661EPSS
Exploits1References2Affected Software2
UbuntuCve
UbuntuCve
added 2013/06/25 12:0 a.m.28 views

CVE-2013-1696

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses...

4CVSS7.2AI score0.01661EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2010/11/15 12:0 a.m.32 views

Bugzilla Response Splitting

The version of Bugzilla hosted on the remote web server allows injection of arbitrary HTTP headers and content when Server Push is enabled in a browser. Note that the install also likely creates restricted reports in a known location and with predictable names, which can lead to a loss of...

2.6CVSS5.7AI score0.01787EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2010/11/05 5:0 p.m.34 views

CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted UR...

2.6CVSS6AI score0.01787EPSS
Exploits0References1
Rows per page
Query Builder