Search CVE reports



11 – 16 of 16 results


CVE-2019-9515

Medium priority

Some fixes available 14 of 64

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, netty, nginx...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |

CVE-2019-9514

Medium priority

Some fixes available 14 of 81

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |

CVE-2019-9512

Medium priority

Some fixes available 14 of 44

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |

CVE-2019-12855

Low priority

Some fixes available 4 of 6

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

2 affected packages

twisted, twisted-py3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
twisted Fixed Fixed
twisted-py3 Not in release Not in release

CVE-2019-12387

Low priority

Some fixes available 4 of 6

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

2 affected packages

twisted, twisted-py3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
twisted Fixed Fixed
twisted-py3 Not in release Not in release

CVE-2016-1000111

Low priority

Some fixes available 2 of 7

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which...

2 affected packages

twisted, twisted-py3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
twisted Not affected Fixed
twisted-py3 Not in release Not in release