Search CVE reports

Toggle filters

51 – 60 of 74 results

CVE-2019-9518

Medium priority

Some fixes available 1 of 21

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be...

2 affected packages

netty, trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Fixed
trafficserver Needs evaluation Needs evaluation Not affected Needs evaluation
Show less packages

CVE-2019-9515

Medium priority

Some fixes available 15 of 63

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, nginx, trafficserver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed
Show all 7 packages Show less packages

CVE-2019-9514

Medium priority

Some fixes available 15 of 80

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
h2o Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Ignored
grpc Vulnerable Vulnerable Vulnerable Vulnerable
netty Not affected Not affected Not affected Fixed
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable
Show all 16 packages Show less packages

CVE-2019-9512

Medium priority

Some fixes available 15 of 41

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
h2o Not affected Not affected Not affected Needs evaluation
golang Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed
Show all 13 packages Show less packages

CVE-2019-17565

Medium priority
Needs evaluation

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

1 affected package

trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
trafficserver Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-17559

Medium priority
Needs evaluation

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

1 affected package

trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
trafficserver Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-10079

Medium priority
Needs evaluation

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to...

1 affected package

trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
trafficserver Not affected Not affected Not affected Needs evaluation
Show less packages

CVE-2018-8040

Medium priority
Vulnerable

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve...

1 affected package

trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
trafficserver Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2018-8022

Medium priority
Not affected

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.

1 affected package

trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
trafficserver Not affected Not affected Not affected
Show less packages

CVE-2018-8005

Medium priority
Vulnerable

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0...

1 affected package

trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
trafficserver Not affected Not affected Not affected Vulnerable
Show less packages
  1. Previous page
  2. 4
  3. 5
  4. 6
  5. 7
  6. 8
  7. Next page
Export to JSON