Search CVE reports
21 – 30 of 53 results
CVE-2019-9515
Medium prioritySome fixes available 13 of 60
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, netty, nginx...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9514
Medium prioritySome fixes available 13 of 77
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9513
Medium prioritySome fixes available 15 of 25
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes...
3 affected packages
nghttp2, nginx, nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nghttp2 | Not affected | Not affected | Not affected | Fixed | Fixed |
| nginx | Fixed | Fixed | Fixed | Fixed | Fixed |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2019-9512
Medium prioritySome fixes available 13 of 42
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9511
Medium prioritySome fixes available 15 of 25
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over...
3 affected packages
nghttp2, nginx, nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nghttp2 | Not affected | Not affected | Not affected | Fixed | Fixed |
| nginx | Fixed | Fixed | Fixed | Fixed | Fixed |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2018-16845
Medium prioritynginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory...
1 affected packages
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | — | Fixed | Fixed |
CVE-2018-16844
Medium prioritynginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the...
1 affected packages
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | — | Fixed | Fixed |
CVE-2018-16843
Medium prioritynginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default)...
1 affected packages
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | — | Fixed | Fixed |
CVE-2017-7529
Medium priorityNginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
1 affected packages
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | — | — | Fixed |
CVE-2016-1247
Medium priorityThe nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the...
1 affected packages
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | — | — | Fixed |