Search CVE reports

Toggle filters

21 – 30 of 34 results

CVE-2020-10707

Negligible priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11612. Reason: This candidate is a reservation duplicate of CVE-2020-11612. Notes: All CVE users should reference CVE-2020-11612 instead of this candidate....

1 affected package

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected
Show less packages

CVE-2020-11612

Medium priority

Some fixes available 3 of 5

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server...

1 affected package

netty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-20445

Medium priority

Some fixes available 4 of 6

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Fixed
netty-3.9 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-20444

Medium priority

Some fixes available 4 of 6

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Fixed
netty-3.9 Not in release Not in release Not in release Fixed
Show less packages

CVE-2020-7238

Medium priority

Some fixes available 2 of 5

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete...

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Needs evaluation
netty-3.9 Not in release Not in release Not in release Not affected
Show less packages

CVE-2019-16869

Medium priority

Some fixes available 3 of 7

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

2 affected packages

netty, netty-3.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Vulnerable
netty-3.9 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-9518

Medium priority

Some fixes available 1 of 22

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be...

2 affected packages

netty, trafficserver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
netty Not affected Not affected Not affected Fixed
trafficserver Needs evaluation Needs evaluation Not affected Needs evaluation
Show less packages

CVE-2019-9515

Medium priority

Some fixes available 16 of 66

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with...

7 affected packages

golang-google-grpc, grpc, h2o, nginx, trafficserver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed
Show all 7 packages Show less packages

CVE-2019-9514

Medium priority

Some fixes available 16 of 83

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
h2o Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Ignored
grpc Vulnerable Vulnerable Vulnerable Vulnerable
netty Not affected Not affected Not affected Fixed
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable
Show all 16 packages Show less packages

CVE-2019-9512

Medium priority

Some fixes available 16 of 42

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
h2o Not affected Not affected Not affected Needs evaluation
golang Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed
Show all 13 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. Next page
Export to JSON