UBUNTU-CVE-2026-43970

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

EUVD-2010-3708

Malware in sbrugna...

EUVD-2012-4855

Malware in sbrugna...

SUSE CVE-2012-4930

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing...

K14059: CRIME vulnerability via the SPDY protocol CVE-2012-4930

Security Advisory Description The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series ...

SUSE CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

SUSE CVE-2014-1582

The Public Key Pinning PKP implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site b...

SUSE CVE-2014-3155

net/spdy/spdywritequeue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service out-of-bounds read by leveraging incorrect queue maintenance...

SUSE CVE-2014-3166

The Public Key Pinning PKP implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of...

Nginx < 1.4.7 SPDY Heap Buffer Overflow

According to the self-reported version in the server response header, the installed 1.3.x version of nginx is 1.3.15 or higher, or 1.4.x prior to 1.4.7, or 1.5.x prior to 1.5.12. It is, therefore, affected by a heap buffer overflow vulnerability. A flaw exists with the SPDY protocol implementatio...

CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel TMM may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel TMM may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

Denial of Service Vulnerability in Multiple F5 Products (CNVD-2018-09412)

F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security vulnerabilities exist in several F5 products. An attacker can exploit this vulnerability by sending malformed SPDY or HTTP/2 requests to...

SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)

The TLS/SPDY protocols are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

F5 Networks BIG-IP : CRIME vulnerability via the SPDY protocol (K14059)

The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string i...

What is HTTP/2 ? Next-Gen Protocol For Faster and Safer Internet

Good news for Internet folks! Get Ready as the entire web you know is about to change. The new and long-awaited version of HTTP took a major step toward becoming a reality on Wednesday – It is been officially finalized and approved. Mark Nottingham, chairman of the Internet Engineering Task Force...

Debian Security Advisory DSA 3039-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...

Debian DSA-3039-1 : chromium-browser - security update

Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. - CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium...

UBUNTU-CVE-2014-3166

The Public Key Pinning PKP implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of...

[SECURITY] [DSA 2959-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2959-1 [email protected] http://www.debian.org/security/ Michael Gilbert June 14, 2014 http://www.debian.org/security/faq -...