Download
| Alert*
oval:org.secpod.oval:def:69747
Two vulnerabilities were discovered in the HTTP/2 code of the libnghttp2-dev HTTP server, which could result in denial of service. oval:org.secpod.oval:def:1902564 The client creates multiple request streams and continually shuffles the priority of the streams in a way which causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a Denial-of-Service. Also known as "HTTP/2 Resource Loop / Priority Shuffling". oval:org.secpod.oval:def:604515 Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service. oval:org.secpod.oval:def:69903 Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service. oval:org.secpod.oval:def:503342 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive ... oval:org.secpod.oval:def:505045 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ... oval:org.secpod.oval:def:1601059 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:57954 The host is missing an important security update for KB4512507 oval:org.secpod.oval:def:89050643 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service . - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and ... oval:org.secpod.oval:def:1502620 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89050769 This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization . - CVE-2019-9513: Fixed a denial of service caused by resource loops . - CVE-2019-9516: Fixed a denial of service caused by h ... oval:org.secpod.oval:def:604825 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. oval:org.secpod.oval:def:117828 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:604503 Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service. oval:org.secpod.oval:def:63513 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. oval:org.secpod.oval:def:89050762 This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization . - CVE-2019-9513: Fixed a denial of service caused by resource loops . - CVE-2019-9516: Fixed a denial of service caused by h ... oval:org.secpod.oval:def:2105205 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:58346 Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service. oval:org.secpod.oval:def:59756 Affected versions: nghttp2 version < 1.39.2The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service. oval:org.secpod.oval:def:504882 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of ... oval:org.secpod.oval:def:503354 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:117023 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:2500041 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:1502673 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89044083 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS . - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service . - CVE-2019-9511: Fixed HTTP/2 implementations ... oval:org.secpod.oval:def:117013 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:1802021 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:504930 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of s ... oval:org.secpod.oval:def:504896 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ... oval:org.secpod.oval:def:503329 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption For more details about the security issue ... oval:org.secpod.oval:def:1502685 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1801978 * CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume exc ... oval:org.secpod.oval:def:2500035 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:705119 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:1601061 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:117006 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:58204 Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. oval:org.secpod.oval:def:58369 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:116996 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:117004 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:57952 The host is missing an important security update for KB4512516 oval:org.secpod.oval:def:2105103 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time ... oval:org.secpod.oval:def:505114 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * HTTP/2: large amount of data requests leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption * HTTP/2: request for large respon ... oval:org.secpod.oval:def:57951 The host is missing an important security update for KB4512517 oval:org.secpod.oval:def:57873 A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. T ... oval:org.secpod.oval:def:57945 The host is missing an important security update for KB4512508 oval:org.secpod.oval:def:117001 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:57949 The host is missing an important security update for KB4507469 oval:org.secpod.oval:def:57948 The host is missing an important security update for KB4512501 oval:org.secpod.oval:def:57947 The host is missing an important security update for KB4512497 oval:org.secpod.oval:def:1700227 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:504828 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ... oval:org.secpod.oval:def:66455 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |