CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2021/09/22 9:6 a.m.•4 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

9.8CVSS7.3AI score0.37286EPSS

RedHat Linux•added 2021/09/22 8:55 a.m.•1 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit memory corruption to change process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

7.5CVSS7.3AI score0.13972EPSS

RedHat Linux•added 2021/09/21 1:22 p.m.•2 views

nodejs: Use-after-free on close http2 on stream canceling

7.5CVSS7.3AI score0.13972EPSS

CNNVD•added 2021/09/09 12:0 a.m.•5 views

Caleb Doxsey pomerium 安全漏洞

Caleb Doxsey pomerium is a Caleb Doxsey open source application. An identity agent that provides secure access to internal applications. Pomerium suffers from a security vulnerability that stems from the fact that the Envoy on which Pomerium is based incorrectly handles resets of overly complex...

7.5CVSS7.3AI score0.01609EPSS

CNNVD•added 2021/09/09 12:0 a.m.•4 views

Caleb Doxsey pomerium 代码问题漏洞

Caleb Doxsey pomerium is a Caleb Doxsey open source application. An identity agent that allows secure access to internal applications. A code issue vulnerability exists in Pomerium that stems from the fact that the Envoy on which Pomerium is based may terminate abnormally if an H/2 GOAWAY and...

8.6CVSS8AI score0.01586EPSS

Positive Technologies•added 2021/09/09 12:0 a.m.•4 views

PT-2021-22456 · Pomerium +1 · Pomerium +1

Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.14.8 Pomerium versions prior to 0.15.1 Description: The issue arises from Envoy, which Pomerium is based on, incorrectly handling resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU...

7.5CVSS7.4AI score0.01609EPSS

Exploits0References10

RedHat Linux•added 2021/08/26 10:18 a.m.•4 views

nodejs: Use-after-free on close http2 on stream canceling

9.8CVSS7.3AI score0.37286EPSS

RedHat Linux•added 2021/08/26 10:18 a.m.•0 views

nodejs: Use-after-free on close http2 on stream canceling

7.5CVSS7.3AI score0.13972EPSS

Positive Technologies•added 2021/08/24 12:0 a.m.•4 views

PT-2021-19923 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.16.5 Envoy versions prior to 1.17.4 Envoy versions prior to 1.18.4 Envoy versions prior to 1.19.1 Description: The procedure for resetting an HTTP/2 stream in Envoy has ON^2 complexity, leading to high CPU utilizatio...

7.5CVSS7.3AI score0.01191EPSS

Exploits0References11

OSV•added 2021/07/14 5:15 p.m.•2 views

ALPINE-CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

6.5CVSS7AI score0.01599EPSS

Exploits0References1

OSV•added 2021/07/14 5:15 p.m.•1 views

DEBIAN-CVE-2021-36740

6.5CVSS6.7AI score0.01599EPSS

Exploits0References1

RedHat Linux•added 2021/07/13 1:10 p.m.•0 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9CVSS7.1AI score0.04935EPSS

Positive Technologies•added 2021/07/09 12:0 a.m.•2 views

PT-2021-21142 · Unknown · Grpc Swift

Name of the Vulnerable Software and Affected Versions: gRPC Swift versions 1.1.1 and earlier Description: The issue allows remote attackers to cause a denial of service via the delivery of many small messages within a single HTTP/2 frame, leading to uncontrolled recursion and stack consumption...

7.5CVSS7.3AI score0.02082EPSS

Exploits0References8

RedHat Linux•added 2021/07/07 6:29 a.m.•0 views

netty: Request smuggling via content-length header

5.9CVSS7.1AI score0.04935EPSS

OSV•added 2021/06/30 8:15 a.m.•1 views

DEBIAN-CVE-2021-32566

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

7.5CVSS7.3AI score0.02515EPSS

Exploits0References1

OSV•added 2021/06/30 8:15 a.m.•0 views

UBUNTU-CVE-2021-32566

7.5CVSS5.8AI score0.02515EPSS

OSV•added 2021/06/30 8:15 a.m.•0 views

UBUNTU-CVE-2021-32567

7.5CVSS5.8AI score0.02447EPSS

CNNVD•added 2021/06/30 12:0 a.m.•11 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server or ATS or TS for short , is a high-performance , modular HTTP proxy and caching server . An improper input validation vulnerability exists in HTTP/2 in Apache Traffic Server versions 7.0.0 - 7.1.12, 8.0.0 - 8.1.1, 9.0.0 - 9.0.1. An attacker could exploit this vulnerability t...

7.5CVSS5.7AI score0.02447EPSS

CNNVD•added 2021/06/30 12:0 a.m.•3 views

Apache Traffic Server 输入验证错误漏洞

7.5CVSS5.7AI score0.02515EPSS