5103 matches found
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
Denial Of Service (DoS)
nginx HTTP/2 is vulnerable to denial of service DoS. It does not prevent the attacker from creating multiple request streams and flooding using PRIORITY frames continuously in a way that causes substantial churn to the priority tree, causing an excessive resource consumption...
Denial Of Service (DoS)
nginx HTTP/2 is vulnerable to denial of service DoS. The attack is possible because it cannot control an attacker from sending a large amount of data request by manipulating window size and stream priority to force server to queue the data in 1-byte chunks, exhausting CPU and/or memory...
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2019-30066)
Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site scripting vulnerability exists in the Priority Icon URL for the Issue Priority of the MigratePriorityScheme resource in Jira versions prior to 8.3.2. A remote attacker...
CVE-2019-11584
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the priority icon url of an issue priority...
CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic which may be remote via usbip or usbredir...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
DEBIAN-CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
ALPINE-CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...
ALPINE-CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
Design/Logic Flaw
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...
Excessive CPU usage in HTTP/2 with priority changes
Excessive CPU usage in HTTP/2 with priority changes Severity: low CVE-2019-9513 Not vulnerable: 1.17.3+, 1.16.1+ Vulnerable: 1.9.5-1.17.2...