28 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-9511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The...
Synology DSM HTTP/2 Implementations Window Size and Stream Prioritization Manipulation (CVE-2019-9511)
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...
SUSE CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...
EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-1101)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...
EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-2372)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2019:2232-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision
Summary Multiple vulnerabilities CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513 in nginx Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
Amazon Linux 2 : mod_http2 (ALAS-2019-1342) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering)
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...
Important: mod_http2
Issue Overview: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and...
Amazon Linux 2 : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...
Amazon Linux AMI : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...
Security update for nghttp2 (moderate)
openSUSE Security Update: Security update for nghttp2 Announcement ID: openSUSE-SU-2019:2234-1 Rating: moderate References: 1112438 1125689 1134616 1146182 1146184 Cross-References: CVE-2019-9511 CVE-2019-9513 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
Important: nginx
Issue Overview: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and...
EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)
According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This...
EulerOS 2.0 SP8 : nghttp2 (EulerOS-SA-2019-2083)
According to the version of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...