Download
| Alert*
oval:org.secpod.oval:def:69903
Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service. oval:org.secpod.oval:def:503342 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive ... oval:org.secpod.oval:def:505045 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ... oval:org.secpod.oval:def:1601059 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:119291 Node.js is a platform built on Chromes JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:89050769 This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization . - CVE-2019-9513: Fixed a denial of service caused by resource loops . - CVE-2019-9516: Fixed a denial of service caused by h ... oval:org.secpod.oval:def:1700254 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:117828 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:58064 This sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially le ... oval:org.secpod.oval:def:604503 Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service. oval:org.secpod.oval:def:89050762 This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization . - CVE-2019-9513: Fixed a denial of service caused by resource loops . - CVE-2019-9516: Fixed a denial of service caused by h ... oval:org.secpod.oval:def:58346 Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service. oval:org.secpod.oval:def:504882 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of ... oval:org.secpod.oval:def:503354 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:117023 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:2500041 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:1502673 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1802021 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:504930 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of s ... oval:org.secpod.oval:def:504896 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ... oval:org.secpod.oval:def:1502685 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1801978 * CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume exc ... oval:org.secpod.oval:def:2500035 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:705119 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:117006 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:58369 nginx: small, powerful, scalable web/proxy server nginx could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:116996 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:117004 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:2105103 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time ... oval:org.secpod.oval:def:504828 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ... oval:org.secpod.oval:def:66455 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |