BELL-CVE-2019-15220 CVE-2019-15220 does not affect BellSoft software

Bulletin has no description...

August 2019 Security Releases

August 2019 Security Releases Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Updates are now available for all...

ALPINE-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

DEBIAN-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

DEBIAN-CVE-2019-9515

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost...

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

CVE-2019-9518 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Overview Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service DoS attacks. Description The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections...

UBUNTU-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

PT-2019-2979 · Alt Linux +7 · Alt Linux +7

Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations affected versions not specified Description: The issue is related to a flood of empty frames in HTTP/2 implementations, which can lead to a denial of service. An attacker sends a stream of frames with an empty payload a...

NewStart CGSL MAIN 4.05 : postgresql Vulnerability (NS-SA-2019-0121)

The remote NewStart CGSL host, running version MAIN 4.05, has postgresql packages installed that are affected by a vulnerability: - It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote...

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

sssd: fallback_homedir returns '/' for empty home directories in passwd file

A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through...

DEBIAN-CVE-2019-14381

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot...

CVE-2019-14381

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot...

Null pointer dereference

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot...

CVE-2019-14381

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot...

Ubuntu-Maker Canonical's GitHub Account Gets Hacked

An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories. It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent"...