Search CVE reports
21 – 25 of 25 results
CVE-2019-9512
Medium prioritySome fixes available 13 of 42
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2015-2156
Medium priorityNetty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain...
3 affected packages
netty, netty-3.9, netty3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected | Not affected |
| netty-3.9 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
| netty3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2016-4970
Medium priorityhandler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
1 affected packages
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2014-3488
Medium priorityThe SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
1 affected packages
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | — | — | — | — | — |
CVE-2014-0193
Low priorityWebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via...
1 affected packages
netty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| netty | — | — | — | Not affected | Not affected |