oval:org.secpod.oval:def:1802060
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or o ...

oval:org.secpod.oval:def:503244
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ...

oval:org.secpod.oval:def:2105926
Oracle Solaris 11 - (CVE-2018-12120)

oval:org.secpod.oval:def:503421
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ...

oval:org.secpod.oval:def:1802049
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or ot ...

oval:org.secpod.oval:def:205367
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ...
oval:org.secpod.oval:def:1700250
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers, and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ...

oval:org.secpod.oval:def:1900750
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers, and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ...

oval:org.secpod.oval:def:1601123
A flaw was found in the Node.js code where a specially crafted HTTP request sent to a Node.js server failed to properly process the HTTP headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed ...

oval:org.secpod.oval:def:2000562
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers, and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocat ...

oval:org.secpod.oval:def:96750
The host is installed with Node.js 11.x before 11.3.0, 10.x before 10.14.0, 8.x before 8.14.0, or 6.x before 6.15.0 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle a combination of many requests with maximum sized headers. Successful expl ...

oval:org.secpod.oval:def:504882
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs. Security Fix: * HTTP/2: large amount of data requests leads to denial of ...

oval:org.secpod.oval:def:1802031
An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly thereby keeping the connection and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or o ...

oval:org.secpod.oval:def:504868
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs. Security Fix: * nodejs-tar: Arbitrary file overwrites when extracting tar ...

oval:org.secpod.oval:def:1504331
[2.8.0-5] - Resolves: rhbz#1686488: "make test" fails with stringop-overflow error [2.8.0-4] - Resolves: rhbz#1666382: CVE-2018-12121 http-parser: nodejs: Denial of Service with large HTTP headers [rhel-8] [2.8.0-3] - spec: make the check phase conditional

oval:org.secpod.oval:def:1504479
[2.7.1-8] - Backport needed test fixes - Related: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length header values [rhel-7] [2.7.1-7] - Resolves: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length ...

oval:org.secpod.oval:def:89043994
This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ...