Search CVE reports
21 – 26 of 26 results
CVE-2019-9514
Medium prioritySome fixes available 14 of 81
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9512
Medium prioritySome fixes available 14 of 44
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2015-2156
Medium priorityNetty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain...
3 affected packages
netty, netty-3.9, netty3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected | Not affected |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
| netty3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2016-4970
Medium priorityhandler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2014-3488
Medium priorityThe SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | — | — | — | — | — |
CVE-2014-0193
Low priorityWebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via...
1 affected package
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | — | — | — | Not affected | Not affected |