nghttp2 security update
An update is available for nghttp2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. libnghttp2 is a library implementing the Hypertext Transfer Protocol version...
Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fixes: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135). For more details about the security issues, including the impact, a CVSS...
CVE-2026-26070
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race that leads to concurrent std::map access, with possible container/optional corruption. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...
PT-2026-28350
Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0 Description: EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race condition that can lead to concurrent access to std::map, potentially causing container or optional...
CVE-2025-68792
In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize. 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...
PT-2025-54429
Name of the Vulnerable Software and Affected Versions: ZwiiCMS versions prior to 13.7.00 Description: The software contains a denial-of-service issue in several administrative areas because of incorrect authorization checks and problems with how resources are handled. A user with limited access can...
CVE-2025-65562
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess /...
Mozilla: Browsing Context potentially not cleared when closing Private Window
The Mozilla Foundation Security Advisory describes this flaw as: When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private...
PT-2023-14809 · Garmin · Garmin Connect
Name of the Vulnerable Software and Affected Versions: Garmin Connect version 4.61 Description: The issue concerns the exposure of private personal information through the LiveTrack API when a LiveTrack session is terminated. This problem is noted in Garmin Connect, where ending a session does no...
HTTP/2: 0-length headers lead to denial of service
A flaw was found in HTTP/2. An attacker, sending a stream of headers with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. This can consume excess memory, potentially...
Default credentials
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly clean up a temporary file that contains an encrypted password once a session has ended...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit...
Gnome 1.01.1 Group X 11.0 XFree86 X11R6 3.3.x4.0 - Denial of Service
Source: https://www.securityfocus.com/bid/1369/info A denial of service vulnerability exists in libICE, part of the X11 windowing system. Any libICE application which creates inet listening sockets can be remotely crashed. Th...