45 matches found
nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...
DEBIAN-CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...
CVE-2018-0956
A denial of service vulnerability exists in the HTTP 2.0 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Denial of Service Vulnerability in Multiple F5 Products (CNVD-2018-01140)
F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A denial-of-service vulnerability exists in multiple F5 products that stems from the Traffic Management Microkernel TMM failing to properly handl...
Cisco IOS XR Software Denial of Service Vulnerability (CNVD-2017-32489)
The Cisco Network Convergence System NCS 5500 Series Routers are a series of 5500 Series routers from Cisco, Inc.IOS XR Software is one of the modular, distributed network operating systems. A denial of service vulnerability exists in the gRPC code of the IOS XR Software in Cisco NCS 5500 Series...