Search CVE reports
1 – 2 of 2 results
CVE-2019-9515
Medium prioritySome fixes available 14 of 64
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...
7 affected packages
golang-google-grpc, grpc, h2o, netty, nginx...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
h2o | Not affected | Not affected | Not affected | Vulnerable | Not in release |
netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-9514
Medium prioritySome fixes available 14 of 81
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...
16 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-google-grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
grpc | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Not affected | Not affected | Ignored | Ignored |
trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |