8 matches found
BIT-LIBPHP-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
CVE-2022-41971 Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation
Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...
chromium-browser: Out of bounds memory access in streams
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Google Chrome streams out-of-bounds memory access vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome versions prior to 80.0.3987.87 contain an out-of-bounds memory access vulnerability in the implementation of streams, which attackers can exploit to cause heap corruption via a crafted HTML page...
USN-3783-1 apache2 vulnerabilities
Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1302) Craig Young discovered that the Apache HTTP Server HTTP/2 module...
Ubuntu 14.04 LTS : Simple Streams vulnerability (USN-2746-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2746-1 advisory. It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a...
php: DoS when using HTTP proxy with the FTP wrapper
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper...