Lucene search
K

4722 matches found

RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.9 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.5 views

The vulnerability of the fly-admin-printer print manager in the FLY operating system of Astra Linux allows a attacker to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the fly-admin-printer print manager in the FLY operating system of Astra Linux is related to errors in processing empty tasks, as well as errors in renaming the printer. Exploiting this vulnerability allows a remote attacker to compromise data integrity, gain unauthorized...

6CVSS5.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/09/30 3:15 p.m.2 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
OSV
OSV
added 2019/09/11 10:15 p.m.5 views

CVE-2019-5054

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...

7.5CVSS5.8AI score0.0313EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/09/11 12:0 a.m.69 views

openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. -...

7.8CVSS7.3AI score0.87806EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2019/09/04 8:14 p.m.1 views

Mozilla: Content security policy bypass through hash-based sources in directives

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

6.8CVSS7.4AI score0.01447EPSS
Exploits1References5
OSV
OSV
added 2019/09/04 12:0 a.m.4 views

UBUNTU-CVE-2019-11738

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

6.3CVSS7.4AI score0.01447EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/09/03 12:0 a.m.50 views

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

This update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. CVE-2019-9512...

7.8CVSS7.3AI score0.87806EPSS
Exploits1References25
OSV
OSV
added 2019/09/02 7:4 a.m.9 views

SUSE-SU-2019:2259-1 Security update for nodejs10

This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. -...

7.8CVSS6.9AI score0.87806EPSS
Exploits1References17
OSV
OSV
added 2019/08/22 1:15 p.m.4 views

CVE-2016-10917

The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316...

9.8CVSS5.8AI score0.01872EPSS
Exploits0References1
OSV
OSV
added 2019/08/19 10:15 p.m.2 views

BELL-CVE-2019-15220 CVE-2019-15220 does not affect BellSoft software

Bulletin has no description...

4.6CVSS7.2AI score0.00756EPSS
Exploits1References1
Node JS Blog
Node JS Blog
added 2019/08/16 12:0 a.m.63 views

August 2019 Security Releases

August 2019 Security Releases Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Updates are now available for all...

7.8CVSS7.7AI score0.87806EPSS
Exploits1
OSV
OSV
added 2019/08/13 9:15 p.m.39 views

CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.5CVSS6.8AI score
Exploits0References27
OSV
OSV
added 2019/08/13 9:15 p.m.2 views

ALPINE-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.5CVSS8.8AI score0.25448EPSS
Exploits0References1
OSV
OSV
added 2019/08/13 9:15 p.m.2 views

DEBIAN-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.5CVSS8AI score0.25448EPSS
Exploits0References1
OSV
OSV
added 2019/08/13 9:15 p.m.1 views

DEBIAN-CVE-2019-9515

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost...

7.5CVSS8AI score0.87806EPSS
Exploits0References1
Prion
Prion
added 2019/08/13 9:15 p.m.29 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.8CVSS7.3AI score0.25448EPSS
Exploits0References27Affected Software16
Cvelist
Cvelist
added 2019/08/13 8:50 p.m.43 views

CVE-2019-9518 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.5CVSS7.6AI score0.25448EPSS
Exploits0References27
CERT
CERT
added 2019/08/13 12:0 a.m.126 views

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Overview Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service DoS attacks. Description The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections...

7.8CVSS7.7AI score0.87806EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2019/08/13 12:0 a.m.39 views

CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.8CVSS7.2AI score0.25448EPSS
Exploits0References5
Rows per page
Query Builder