exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

CVE-2020-11080

Status Candidate

Overview

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Related Files

Red Hat Security Advisory 2020-3578-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3578-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-14040, CVE-2020-7015, CVE-2020-7598, CVE-2020-8174
MD5 | 3e8201c0248689e51a2d6b28bef9496b
Red Hat Security Advisory 2020-3525-01
Posted Aug 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3525-01 - Quay 3.3.1 release has been released. An issue where build triggers can disclose robot account names and existence of private repos within namespaces has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-12049, CVE-2020-13777, CVE-2020-14313
MD5 | 7f18a183551d1429182ce5854f336bdc
Red Hat Security Advisory 2020-3372-01
Posted Aug 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3372-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-14040, CVE-2020-9283
MD5 | dc87b661878804726689d99ccedb068e
Red Hat Security Advisory 2020-3084-01
Posted Jul 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3084-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
MD5 | 3074c7c70c5fc22136644cec1f1845d9
Red Hat Security Advisory 2020-3042-01
Posted Jul 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3042-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
MD5 | 2f7b5a7ee5d9736aaeff32fc96803ad7
Red Hat Security Advisory 2020-2895-01
Posted Jul 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2895-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass, denial of service, and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
MD5 | 109ef50c777336f70aaab681ae80e59c
Red Hat Security Advisory 2020-2852-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2852-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
MD5 | 869187548522431e252fda15b20a6aea
Red Hat Security Advisory 2020-2848-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2848-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
MD5 | b66f57420dbbeafea3b18109597a10b3
Red Hat Security Advisory 2020-2849-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8174
MD5 | 69238e75b367f14377b1a9a6eec08ad8
Red Hat Security Advisory 2020-2847-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2847-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174
MD5 | 38483358dd813546fe45ebae634ca967
Red Hat Security Advisory 2020-2850-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2850-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | b31de2333ed43a3c4b28d8d01d41562a
Red Hat Security Advisory 2020-2823-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2823-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 2fdf47cd71242eae7e056c3735e53336
Red Hat Security Advisory 2020-2784-01
Posted Jul 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2784-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 63d2bac8288564905489404eb67aca4e
Red Hat Security Advisory 2020-2755-01
Posted Jun 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 7bfc5e8b93e52968c5e4e2fc6a8a50bd
Red Hat Security Advisory 2020-2646-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2646-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595
MD5 | e83a71b4bc88543a706aad6f12cb4126
Red Hat Security Advisory 2020-2644-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2644-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.

tags | advisory, web, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-0196, CVE-2019-0197, CVE-2019-15903, CVE-2019-19956, CVE-2019-20388, CVE-2020-11080, CVE-2020-1934, CVE-2020-7595
MD5 | a71fe6af0fb16e3610bd7a75e89e2e1a
Red Hat Security Advisory 2020-2524-01
Posted Jun 11, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2524-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | 7ac0e9043d310fdbb32125b0375259d7
Red Hat Security Advisory 2020-2523-01
Posted Jun 11, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2523-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-11080
MD5 | a7f3ca4fe0a622005fd6907f881ebb08
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close