Search CVE reports
31 – 40 of 64 results
Some fixes available 3 of 4
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | — | — | — | Fixed |
Some fixes available 16 of 66
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, nginx, trafficserver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Not affected | Fixed |
Some fixes available 16 of 83
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| h2o | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Ignored |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netty | Not affected | Not affected | Not affected | Fixed |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 15 of 25
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes...
3 affected packages
nghttp2, nginx, nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nghttp2 | Not affected | Not affected | Not affected | Fixed |
| nginx | Fixed | Fixed | Fixed | Fixed |
| nodejs | Not affected | Not affected | Not affected | Ignored |
Some fixes available 16 of 42
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Not affected | Fixed |
Some fixes available 15 of 25
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over...
3 affected packages
nghttp2, nginx, nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nghttp2 | Not affected | Not affected | Not affected | Fixed |
| nginx | Fixed | Fixed | Fixed | Fixed |
| nodejs | Not affected | Not affected | Not affected | Ignored |
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | — | — | — | Fixed |
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | — | — | — | Fixed |
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default)...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | — | — | — | Fixed |
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | — | — | — | — |