Search CVE reports

Toggle filters

21 – 30 of 30 results

CVE-2019-9515

Medium priority

Some fixes available 15 of 63

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, nginx, trafficserver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed
Show all 7 packages Show less packages

CVE-2019-9514

Medium priority

Some fixes available 15 of 80

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
h2o Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Ignored
grpc Vulnerable Vulnerable Vulnerable Vulnerable
netty Not affected Not affected Not affected Fixed
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable
Show all 16 packages Show less packages

CVE-2019-9512

Medium priority

Some fixes available 15 of 41

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
h2o Not affected Not affected Not affected Needs evaluation
golang Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed
Show all 13 packages Show less packages

CVE-2019-20445

Medium priority

Some fixes available 4 of 6

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Fixed
netty-3.9 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-20444

Medium priority

Some fixes available 4 of 6

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Fixed
netty-3.9 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-16869

Medium priority

Some fixes available 3 of 7

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Vulnerable
netty-3.9 Not in release Not in release Not in release Fixed
Show less packages

CVE-2016-4970

Medium priority
Vulnerable

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

1 affected package

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Not affected
Show less packages

CVE-2015-2156

Medium priority
Vulnerable

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain...

3 affected packages

netty, netty-3.9, netty3.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Not affected
netty-3.9 Not in release Not in release Not in release Not affected
netty3.1 Not in release Not in release Not in release Not in release
Show less packages

CVE-2014-3488

Medium priority
Not affected

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

1 affected package

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty
Show less packages

CVE-2014-0193

Low priority
Ignored

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via...

1 affected package

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. Next page
Export to JSON