Search CVE reports


Toggle filters

1 – 2 of 2 results


CVE-2019-9515

Medium priority

Some fixes available 14 of 64

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, netty, nginx...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Vulnerable Not in release
netty Vulnerable Vulnerable Vulnerable Fixed Not affected
nginx Not affected Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable Needs evaluation
twisted Fixed Fixed Fixed Fixed Not affected
Show all 7 packages Show less packages

CVE-2019-9514

Medium priority

Some fixes available 14 of 81

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.7 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Needs evaluation Not in release
netty Vulnerable Vulnerable Vulnerable Fixed Not affected
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Ignored Ignored
trafficserver Not affected Not affected Not affected Vulnerable Needs evaluation
twisted Fixed Fixed Fixed Fixed Not affected
Show all 16 packages Show less packages