1440 matches found
March Release: Q&A with Ari Weil
Shortly after Akamai announced the March 2019 Release with new features and capabilities across its security, performance and media product lines, Akamai's VP of Product Marketing, Ari Weil, took over Akamai's Twitter account for a live March Release Q&A. For those that missed the live event,...
[SECURITY] Fedora 28 Update: mod_http2-1.14.1-1.fc28
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...
[SECURITY] Fedora 29 Update: mod_http2-1.14.1-1.fc29
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...
Apache -- vulnerability
The Apache httpd Project reports: SECURITY: CVE-2018-17199 modsession: modsessioncookie does not respect expiry time allowing sessions to be reused. SECURITY: CVE-2019-0190 modssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 or earlier with OpenSSL 1.1.1 and later. ...
Wireshark 2.6.x < 2.6.2 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.2 advisory. - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This...
Fedora 28 : curl (2018-bc65ab5014)
http2: mark the connection for close on GOAWAY - new upstream release 7.59.0 - FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000120 - LDAP NULL pointer dereference CVE-2018-1000121 - RTSP RTP buffer over-read CVE-2018-1000122 - ftp: fix typo in recursive callback detection for...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2018:1918-1)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed : - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http...
Proxygen Denial of Service Vulnerability
Facebook Proxygen is an open source C++ HTTP library from Facebook Inc. HTTP2 Parser is one of the HTTP2 Hypertext Transfer Protocol 2.0 parser. A security vulnerability exists in the handling of headers/trailers by HTTP2 Parser in versions prior to Facebook Proxygen 2018.12.31.00. An attacker...
Design/Logic Flaw
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
Denial of service
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...
CVE-2018-6346
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...
CVE-2018-6343
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
CVE-2018-6347
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...
Design/Logic Flaw
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...
CVE-2018-6347
An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00...
CVE-2018-6346
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...
CVE-2018-6343
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
CVE-2018-6346
Summary: CVE-2018-6346 describes a potential denial-of-service in Facebook Proxygen caused by the handling of invalid HTTP/2 priority settings (circular dependency). Affected versions: Proxygen prior to 2018.12.31.00. Root cause: improper processing of priority frames leading to DoS; no exploit d...
CVE-2018-6343
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz TLS 1.3 transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fi...
CVE-2018-6346
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...