Search CVE reports
31 – 36 of 36 results
Some fixes available 16 of 83
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| h2o | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Ignored |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netty | Not affected | Not affected | Not affected | Fixed |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 16 of 42
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| nginx | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable |
| twisted | Fixed | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Not affected | Fixed |
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain...
3 affected packages
netty, netty-3.9, netty3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected |
| netty3.1 | Not in release | Not in release | Not in release | Not in release |
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected |
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | — | — | — | — |
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| netty | — | — | — | Not affected |