CVE-2023-44487
|
7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
|
CVE-2021-3618
|
7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
|
CVE-2021-23017
|
7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
|
CVE-2019-8331
|
6.1In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
|
CVE-2018-20677
|
6.1In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
|
CVE-2018-20676
|
6.1In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
|
CVE-2018-14042
|
6.1In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
|
CVE-2018-14040
|
6.1In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
|
CVE-2016-10735
|
6.1In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
|