1880 matches found
HTTP/2: request for large response leads to denial of service
A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...
OPENSUSE-SU-2019:2120-1 Security update for nginx
This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...
CVE-2019-16144
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield during API calls...
Fedora Update for nginx FEDORA-2019-7a0b45fdc4
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Design/Logic Flaw
A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...
CVE-2019-1967 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...
CVE-2019-1967 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...
Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability
A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...
[SECURITY] Fedora 30 Update: nginx-1.16.1-1.fc30
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
ALPINE-CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...
Excessive memory usage in HTTP/2 with zero length headers
Excessive memory usage in HTTP/2 with zero length headers Severity: low CVE-2019-9516 Not vulnerable: 1.17.3+, 1.16.1+ Vulnerable: 1.9.5-1.17.2...
UBUNTU-CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...
Uncontrolled Recursion in Django
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
GHSA-V9QG-3J8P-R63V Uncontrolled Recursion in Django
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
[ASA-201908-3] python2-django: multiple issues
Arch Linux Security Advisory ASA-201908-3 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1014...
DEBIAN-CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
ALPINE-CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
CVE-2019-14235
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...
Open redirect
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...