Download
| Alert*
|
oval:org.secpod.oval:def:69745
Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service. oval:org.secpod.oval:def:57954 The host is missing an important security update for KB4512507 oval:org.secpod.oval:def:69755 Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service. The fixes are too intrusive to backport to the version in the oldstable distribution . An upgrade to Debian stable is recommended instead ... oval:org.secpod.oval:def:604506 Three vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service. oval:org.secpod.oval:def:604825 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. oval:org.secpod.oval:def:117828 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:1601044 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ... oval:org.secpod.oval:def:63513 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. oval:org.secpod.oval:def:58060 This opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the servers queue the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a Denial-of-Service. Also known ... oval:org.secpod.oval:def:504882 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of ... oval:org.secpod.oval:def:503354 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:58189 The host is installed with Kubernetes version 1.15.x before 1.15.3, 1.14.x before 1.14.6 or 1.13.x before 1.13.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the reset flood issue in HTTP/2 implementations. Successful exploitation al ... oval:org.secpod.oval:def:604509 Three vulnerabilities have been discovered in the Go programming language; quot;net/urlquot; accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service. oval:org.secpod.oval:def:1700203 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory ... oval:org.secpod.oval:def:503512 The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources ... oval:org.secpod.oval:def:2501015 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:1502670 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:66670 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * HTTP/2: flood using PING frames results in unbounded memory growth * HTTP/2: flood using HEADERS frames results in unbounded memory growth For more details about the se ... oval:org.secpod.oval:def:62158 twisted: Event-based framework for internet applications Several security issues were fixed in Twisted. oval:org.secpod.oval:def:69743 Three vulnerabilities have been discovered in the Go programming language; net/url accepted some invalid hosts in URLs which could result in authorisation bypass in some applications and the HTTP/2 implementation was susceptible to denial of service. oval:org.secpod.oval:def:2501010 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. oval:org.secpod.oval:def:66674 The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix: * HTTP/2: flood using PING frames results in unbounded memory growth * HTTP/2: flood using HEADERS frames results in unbounded memory growth * runc: AppArmor/SELinux bypa ... oval:org.secpod.oval:def:58194 Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STRE ... oval:org.secpod.oval:def:58191 The host is installed with Kubernetes version 1.15.x before 1.15.3, 1.14.x before 1.14.6 or 1.13.x before 1.13.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the reset flood issue in HTTP/2 implementations. Successful exploitation al ... oval:org.secpod.oval:def:504930 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of s ... oval:org.secpod.oval:def:1502760 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502685 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1801978 * CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume exc ... oval:org.secpod.oval:def:2500035 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:62244 twisted: Event-based framework for internet applications Several security issues were fixed in Twisted. oval:org.secpod.oval:def:604527 Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service. The fixes are too intrusive to backport to the version in the oldstable distribution . An upgrade to Debian stable is recommended instead ... oval:org.secpod.oval:def:117006 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:58205 Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STRE ... oval:org.secpod.oval:def:117004 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:117048 The Go Programming Language. oval:org.secpod.oval:def:503330 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * HTTP/2: flood using PING frames results in unbounded memory growth * HTTP/2: flood using HEADERS frames results in unbounded memory growth For more details about the security i ... oval:org.secpod.oval:def:57952 The host is missing an important security update for KB4512516 oval:org.secpod.oval:def:117049 The Go Programming Language. oval:org.secpod.oval:def:2105103 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time ... oval:org.secpod.oval:def:57874 A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. T ... oval:org.secpod.oval:def:57951 The host is missing an important security update for KB4512517 oval:org.secpod.oval:def:57945 The host is missing an important security update for KB4512508 oval:org.secpod.oval:def:57949 The host is missing an important security update for KB4507469 oval:org.secpod.oval:def:57948 The host is missing an important security update for KB4512501 oval:org.secpod.oval:def:57947 The host is missing an important security update for KB4512497 oval:org.secpod.oval:def:66455 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |
