EUVD-2017-0099

Malware in sbrugna...

EUVD-2022-2151

Malicious code in bioql PyPI...

EUVD-2018-8640

Malicious code in bioql PyPI...

Incorrect Object Recycling And Re-use

Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...

SUSE-SU-2024:0090-1 Security update for gstreamer-plugins-rs

This update for gstreamer-plugins-rs fixes the following issues: - CVE-2022-31394: Fixed a potential denial of service in the HTTP/2 implementation bsc1208556...

K93000310: Apache Tomcat vulnerability CVE-2019-0199

Security Advisory Description The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...

RHEL 7 / 8 : OpenShift Container Platform 4.4.3 haproxy (RHSA-2020:1936)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1936 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

OPENSUSE-SU-2019:2232-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...

MGASA-2019-0260 Updated tomcat packages fix security vulnerabilities

Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...

Security update for go1.12 (moderate)

openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2085-1 Rating: moderate References: 1139210 1141689 1146111 1146115 1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: openSUSE Leap 15.1 An update that solves three...

SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. CVE-2019-9516: Fixed a denial of...

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1673-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is no...

Fixed in Apache Tomcat 8.5.38

Important: Denial of Service CVE-2019-0199 The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's...

Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk

Summary Apache Tomcat could allow a remote attacker to bypass security restrictions Vulnerability Details CVE-ID: CVE-2017-5647 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An...

CVE-2017-7675

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...

CVE-2016-6580

CVE-2016-6580 affects HTTP/2 implementations built with the Python priority library older than 1.2.0. The vulnerability arises when a peer can assign priority information for every HTTP/2 stream ID, allowing the priority data structure to grow without bound, consuming memory and driving extremely...