Search CVE reports
31 – 40 of 80 results
Some fixes available 33 of 46
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
14 affected packages
dnsdist, dotnet6, dotnet7, dotnet8, h2o...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnsdist | Not affected | Not affected | Fixed | Not affected | Not affected |
| dotnet6 | Not in release | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Not affected | Not in release | Not in release |
| h2o | Not in release | Not affected | Fixed | Fixed | Fixed |
| haproxy | Not affected | Not affected | Not affected | Not affected | Fixed |
| netty | Not affected | Not affected | Fixed | Fixed | Not affected |
| nghttp2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Fixed | Fixed | Fixed |
| tomcat10 | Not affected | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not in release | Not affected | Fixed | Fixed | Not affected |
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Not affected | Not affected | Not affected |
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Fixed | Fixed | Fixed |
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Fixed | Fixed | Fixed |
Some fixes available 6 of 21
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having...
3 affected packages
nginx, sendmail, vsftpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | Not affected | Not affected | Fixed | Fixed | Fixed |
| sendmail | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
| vsftpd | Not affected | Not affected | Not affected | Fixed | Vulnerable |
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....
7 affected packages
discque, hiredis, nginx, python-hiredis, redis...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| discque | Not in release | Not in release | Not in release | Not in release | Not in release |
| hiredis | Not affected | Not affected | Not affected | Not affected | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| python-hiredis | Not affected | Not affected | Not affected | Not affected | Not affected |
| redis | Not affected | Not affected | Not affected | Not affected | Not affected |
| rspamd | Not affected | Not affected | Not affected | Not affected | Not in release |
| webdis | Not affected | Not affected | Not affected | Not affected | Not in release |
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Not affected | Not affected | Not affected |
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Fixed | Fixed | Fixed |
Some fixes available 3 of 5
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Fixed | Fixed |