Количество 1 065
Количество 1 065
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal da ...
CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...
BDU:2023-08046
Уязвимость модуля WebAssembly программной платформы Node.js, позволяющая нарушителю выполнить произвольные команды
BDU:2023-04973
Уязвимость функции X509_VERIFY_PARAM_add0_policy() библиотеки OpenSSL, позволяющая нарушителю выполнить атаку типа «человек посередине»
BDU:2023-04959
Уязвимость алгоритма шифрования AES-SIV библиотеки OpenSSL, позволяющая нарушителю обойти процесс аутентификации
GHSA-39qc-96h7-956f
golang.org/x/net/http vulnerable to a reset flood
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potential ...
GHSA-4fhm-44hf-3465
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...
BDU:2019-02957
Уязвимость реализации сетевого протокола HTTP/2 операционных систем Windows, сервера nginx, сетевых программных средств netty, Envoy, SwiftNIO, программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03652
Уязвимость библиотеки OpenSSL, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| CVE-2019-9517 Some HTTP/2 implementations are vulnerable to unconstrained interal da ... | CVSS3: 7.5 | 5% Низкий | больше 6 лет назад |
 | CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | CVSS3: 5.9 | 6% Низкий | больше 7 лет назад |
 | CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | CVSS3: 5.1 | 6% Низкий | больше 7 лет назад |
 | CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | CVSS3: 5.9 | 6% Низкий | больше 7 лет назад |
| CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to ... | CVSS3: 5.9 | 6% Низкий | больше 7 лет назад |
 | BDU:2023-08046 Уязвимость модуля WebAssembly программной платформы Node.js, позволяющая нарушителю выполнить произвольные команды | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
| BDU:2023-04973 Уязвимость функции X509_VERIFY_PARAM_add0_policy() библиотеки OpenSSL, позволяющая нарушителю выполнить атаку типа «человек посередине» | CVSS3: 5.3 | 1% Низкий | почти 3 года назад |
| BDU:2023-04959 Уязвимость алгоритма шифрования AES-SIV библиотеки OpenSSL, позволяющая нарушителю обойти процесс аутентификации | CVSS3: 5.3 | 0% Низкий | больше 2 лет назад |
| GHSA-39qc-96h7-956f golang.org/x/net/http vulnerable to a reset flood | CVSS3: 7.5 | 9% Низкий | больше 3 лет назад |
| CVE-2019-9514 Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | CVSS3: 7.5 | 9% Низкий | больше 6 лет назад |
| CVE-2019-9514 Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | CVSS3: 7.5 | 9% Низкий | больше 6 лет назад |
| CVE-2019-9514 Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | CVSS3: 7.5 | 9% Низкий | больше 6 лет назад |
| CVE-2019-9514 Some HTTP/2 implementations are vulnerable to a reset flood, potential ... | CVSS3: 7.5 | 9% Низкий | больше 6 лет назад |
| GHSA-4fhm-44hf-3465 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | CVSS3: 5.9 | 7% Низкий | больше 3 лет назад |
| CVE-2018-0735 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | CVSS3: 5.9 | 7% Низкий | больше 7 лет назад |
| CVE-2018-0735 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | CVSS3: 5.1 | 7% Низкий | больше 7 лет назад |
| CVE-2018-0735 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | CVSS3: 5.9 | 7% Низкий | больше 7 лет назад |
| CVE-2018-0735 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ... | CVSS3: 5.9 | 7% Низкий | больше 7 лет назад |
| BDU:2019-02957 Уязвимость реализации сетевого протокола HTTP/2 операционных систем Windows, сервера nginx, сетевых программных средств netty, Envoy, SwiftNIO, программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 4% Низкий | больше 6 лет назад |
| BDU:2023-03652 Уязвимость библиотеки OpenSSL, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 92% Критический | больше 2 лет назад |
Уязвимостей на страницу