CVE search results

11 – 16 of 16 results

Detailed view

Sort by:

CVE-2019-9514

Medium priority

Some fixes available 15 of 80

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.12	Not in release	Not in release	Not in release	Not in release
golang	Not in release	Not in release	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.7	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
nginx	Not affected	Not affected	Not affected	Not affected
trafficserver	Not affected	Not affected	Not affected	Vulnerable
twisted	Fixed	Fixed	Fixed	Fixed
h2o	Not affected	Not affected	Not affected	Needs evaluation
nodejs	Not affected	Not affected	Not affected	Ignored
grpc	Vulnerable	Vulnerable	Vulnerable	Vulnerable
netty	Not affected	Not affected	Not affected	Fixed
golang-google-grpc	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2019-9512

Medium priority

Some fixes available 15 of 41

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.12	Not in release	Not in release	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
h2o	Not affected	Not affected	Not affected	Needs evaluation
golang	Not in release	Not in release	Not in release	Not in release
golang-1.7	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
nginx	Not affected	Not affected	Not affected	Not affected
trafficserver	Not affected	Not affected	Not affected	Vulnerable
twisted	Fixed	Fixed	Fixed	Fixed
netty	Not affected	Not affected	Not affected	Fixed

CVE-2019-12855

Low priority

Some fixes available 4 of 6

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

2 affected packages

twisted, twisted-py3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
twisted	—	—	—	Fixed
twisted-py3	—	—	—	Not in release

CVE-2019-12387

Low priority

Some fixes available 4 of 6

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

2 affected packages

twisted, twisted-py3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
twisted	—	—	—	Fixed
twisted-py3	—	—	—	Not in release

CVE-2016-1000111

Low priority

Some fixes available 2 of 7

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which...

2 affected packages

twisted, twisted-py3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
twisted	—	—	—	Not affected
twisted-py3	—	—	—	Not in release

CVE-2014-7143

Medium priority

Not affected

Python Twisted 14.0 trustRoot is not respected in HTTP client

2 affected packages

twisted, twisted-py3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
twisted	—	—	—	—
twisted-py3	—	—	—	—

Export to JSON

Results by page:

Search CVE reports