
CVSS: 7.8 | EPSS: 4% | CPEs: 44 | EXPL: 0

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
• http://seclists.org/fulldisclosure/2019/Aug/16
• https://access.redhat.com/errata/RHSA-2019:2766
• https://access.redhat.com/errata/RHSA-2019:2796
• https://access.redhat.com/errata/RHSA-2019:2861
• https://access.redhat.com/errata/RHSA-2019:2925
• https://access.redhat.com/errata/RHSA-2019:2939
• https://access.redhat.com/errata/RHSA-2019:2955

• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.8 | EPSS: 82% | CPEs: 55 | EXPL: 0

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09

• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.5 | EPSS: 0% | CPEs: 10 | EXPL: 0

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. A vulnerability was found in the Nova Compute resource fault handling.

• http://www.openwall.com/lists/oss-security/2019/08/06/6
• https://access.redhat.com/errata/RHSA-2019:2622
• https://access.redhat.com/errata/RHSA-2019:2631
• https://access.redhat.com/errata/RHSA-2019:2652
• https://launchpad.net/bugs/1837877
• https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html
• https://security.openstack.org/ossa/OSSA-2019-003.html
• https://usn.ubuntu.com/4104-1
• https://access.redhat.com/security/cve/CVE-2019-14433
• https://bugzilla.redhat.

• CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 7.2 | EPSS: 15% | CPEs: 23 | EXPL: 0

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure.

• http://www.securityfocus.com/bid/109290
• https://access.redhat.com/errata/RHSA-2019:1819
• https://access.redhat.com/errata/RHSA-2019:1860
• https://access.redhat.com/errata/RHSA-2019:2002
• https://access.redhat.com/errata/RHSA-2019:2506
• https://access.redhat.com/errata/RHSA-2019:2508
• https://access.redhat.com/errata/RHSA-2019:2621
• https://access.redhat.com/errata/RHSA-2019:2630
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192
• https://raw.githubusercontent.com/antir

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 7.2 | EPSS: 18% | CPEs: 22 | EXPL: 0

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure.

• http://www.securityfocus.com/bid/109290
• https://access.redhat.com/errata/RHSA-2019:1819
• https://access.redhat.com/errata/RHSA-2019:2002
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193
• https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
• https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
• https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
• https://seclists.org/bugtraq/2019/Jul/19
• https://security.gentoo.org/glsa/201908-0

• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write