Download
| Alert*
oval:org.secpod.oval:def:69745
Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service. oval:org.secpod.oval:def:58058 The client can send continual pings to an HTTP/2 server, causing the server to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Ping Flood". oval:org.secpod.oval:def:57954 The host is missing an important security update for KB4512507 oval:org.secpod.oval:def:2105901 Oracle Solaris 11 - ( CVE-2017-15041 ) oval:org.secpod.oval:def:69755 Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service. The fixes are too intrusive to backport to the version in the oldstable distribution . An upgrade to Debian stable is recommended instead ... oval:org.secpod.oval:def:604506 Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service. oval:org.secpod.oval:def:117828 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:1601044 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ... oval:org.secpod.oval:def:504882 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of ... oval:org.secpod.oval:def:503354 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:58188 The host is installed with Kubernetes version 1.15.x before 1.15.3, 1.14.x before 1.14.6 or 1.13.x before 1.13.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the ping floods issue in HTTP/2 peer. Successful exploitation allows attack ... oval:org.secpod.oval:def:604509 Three vulnerabilities have been discovered in the Go programming language; quot;net/urlquot; accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service. oval:org.secpod.oval:def:1700203 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ... oval:org.secpod.oval:def:503512 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:2501015 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1502670 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:66670 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * HTTP/2: flood using PING frames results in unbounded memory growth * HTTP/2: flood using HEADERS frames results in unbounded memory growth For more details about the se ... oval:org.secpod.oval:def:62158 twisted: Event-based framework for internet applications Several security issues were fixed in Twisted. oval:org.secpod.oval:def:69743 Three vulnerabilities have been discovered in the Go programming language; net/url accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service. oval:org.secpod.oval:def:2501010 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:66674 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * HTTP/2: flood using PING frames results in unbounded memory growth * HTTP/2: flood using HEADERS frames results in unbounded memory growth * runc: AppArmor/SELinux bypa ... oval:org.secpod.oval:def:58190 The host is installed with Kubernetes version 1.15.x before 1.15.3, 1.14.x before 1.14.6 or 1.13.x before 1.13.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the ping floods issue in HTTP/2 peer. Successful exploitation allows attack ... oval:org.secpod.oval:def:58192 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ... oval:org.secpod.oval:def:504930 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of s ... oval:org.secpod.oval:def:1502760 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502685 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:57939 A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. T ... oval:org.secpod.oval:def:1801978 * CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume exc ... oval:org.secpod.oval:def:2500035 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:62244 twisted: Event-based framework for internet applications Several security issues were fixed in Twisted. oval:org.secpod.oval:def:604527 Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service. The fixes are too intrusive to backport to the version in the oldstable distribution . An upgrade to Debian stable is recommended instead ... oval:org.secpod.oval:def:58203 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ... oval:org.secpod.oval:def:117006 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:117004 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:117048 The Go Programming Language. oval:org.secpod.oval:def:503330 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * HTTP/2: flood using PING frames results in unbounded memory growth * HTTP/2: flood using HEADERS frames results in unbounded memory growth For more details about the security i ... oval:org.secpod.oval:def:57952 The host is missing an important security update for KB4512516 oval:org.secpod.oval:def:117049 The Go Programming Language. oval:org.secpod.oval:def:57951 The host is missing an important security update for KB4512517 oval:org.secpod.oval:def:57945 The host is missing an important security update for KB4512508 oval:org.secpod.oval:def:57949 The host is missing an important security update for KB4507469 oval:org.secpod.oval:def:57948 The host is missing an important security update for KB4512501 oval:org.secpod.oval:def:57947 The host is missing an important security update for KB4512497 oval:org.secpod.oval:def:1504357 kubernetes [1.12.10-1.0.10] - [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS [1.12.10-1.0.9] - Define rolling update for flannel [1.12.10-1.0.8] - Modify flannel/dashboard image tags to use images that have the cve fix kubeadm-ha-setup [0.0.2-1.0.68] - Pull image prior ... oval:org.secpod.oval:def:66455 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |