Lucene search
K

5103 matches found

RedHat Linux
RedHat Linux
added 2019/09/17 3:16 p.m.3 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/09/13 8:46 a.m.2 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/09/13 8:46 a.m.1 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/09/13 8:40 a.m.2 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/09/13 8:40 a.m.3 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
Veracode
Veracode
added 2019/09/13 12:40 a.m.38 views

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service DoS. It does not prevent the attacker from creating multiple request streams and flooding using PRIORITY frames continuously in a way that causes substantial churn to the priority tree, causing an excessive resource consumption...

7.5CVSS2.7AI score0.82017EPSS
Exploits0References50Affected Software24
Veracode
Veracode
added 2019/09/13 12:40 a.m.49 views

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service DoS. The attack is possible because it cannot control an attacker from sending a large amount of data request by manipulating window size and stream priority to force server to queue the data in 1-byte chunks, exhausting CPU and/or memory...

7.5CVSS3.5AI score0.58373EPSS
Exploits0References55Affected Software46
RedHat Linux
RedHat Linux
added 2019/09/09 8:13 p.m.1 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/09/09 8:13 p.m.1 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
CNVD
CNVD
added 2019/08/27 12:0 a.m.3 views

Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2019-30066)

Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site scripting vulnerability exists in the Priority Icon URL for the Issue Priority of the MigratePriorityScheme resource in Jira versions prior to 8.3.2. A remote attacker...

6.1CVSS6.1AI score0.0097EPSS
Exploits0References1
OSV
OSV
added 2019/08/23 2:15 p.m.4 views

CVE-2019-11584

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the priority icon url of an issue priority...

6.1CVSS5.4AI score0.0097EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/08/23 6:15 a.m.23 views

CVE-2019-15505

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic which may be remote via usbip or usbredir...

10CVSS6.8AI score0.07619EPSS
Exploits0References10
NVD
NVD
added 2019/08/13 9:15 p.m.21 views

CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.8CVSS7.5AI score0.82017EPSS
Exploits0References42
OSV
OSV
added 2019/08/13 9:15 p.m.0 views

DEBIAN-CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.5CVSS8AI score0.82017EPSS
Exploits0References1
OSV
OSV
added 2019/08/13 9:15 p.m.30 views

CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.5CVSS6.9AI score
Exploits0References42
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

ALPINE-CVE-2019-9511

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

7.5CVSS8.8AI score0.58373EPSS
Exploits0References1
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

ALPINE-CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.5CVSS8.9AI score0.82017EPSS
Exploits0References1
Prion
Prion
added 2019/08/13 9:15 p.m.74 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.8CVSS7.4AI score0.82017EPSS
Exploits0References42Affected Software18
AlpineLinux
AlpineLinux
added 2019/08/13 8:50 p.m.37 views

CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.8CVSS7.9AI score0.82017EPSS
Exploits0
Nginx
Nginx
added 2019/08/13 8:50 p.m.585 views

Excessive CPU usage in HTTP/2 with priority changes

Excessive CPU usage in HTTP/2 with priority changes Severity: low CVE-2019-9513 Not vulnerable: 1.17.3+, 1.16.1+ Vulnerable: 1.9.5-1.17.2...

7.8CVSS2.3AI score0.82017EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder