Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1220 matches found

SUSE CVE
SUSE CVEadded 2024/06/04 12:57 p.m.1 views

SUSE CVE-2021-32778

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy's procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...

7.5CVSS7.2AI score0.0006EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2024/06/03 6:39 p.m.2 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/06/03 6:38 p.m.2 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/06/03 3:49 p.m.2 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
Amazon
Amazonadded 2024/05/30 12:0 a.m.3 views

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.7AI score0.64852EPSS
Exploits1
Amazon
Amazonadded 2024/05/30 12:0 a.m.1 views

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.64852EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2024/05/29 1:33 p.m.5 views

etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS6.8AI score0.94395EPSS
Exploits19References4
RedHat Linux
RedHat Linuxadded 2024/05/29 1:33 p.m.2 views

etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS7.1AI score0.00088EPSS
Exploits0References4
Amazon
Amazonadded 2024/05/28 12:0 a.m.2 views

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.6AI score0.64852EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2024/05/23 3:28 p.m.4 views

etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS6.6AI score0.00226EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2024/05/23 6:18 a.m.3 views

Tomcat: HTTP/2 header handling DoS

A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...

7.5CVSS7AI score0.6439EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2024/05/22 8:41 p.m.3 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.64852EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/22 11:47 a.m.2 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.64852EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/21 10:5 a.m.3 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/21 10:5 a.m.3 views

varnish: HTTP/2 Broken Window Attack may result in denial of service

A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the acti...

7.5CVSS7.3AI score0.00071EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2024/05/20 10:31 a.m.2 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.64852EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/15 11:35 a.m.2 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/15 11:35 a.m.2 views

nghttp2: CONTINUATION frames DoS

A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...

5.3CVSS6.8AI score0.24971EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/13 1:26 a.m.2 views

varnish: HTTP/2 Broken Window Attack may result in denial of service

A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the acti...

7.5CVSS7.3AI score0.00071EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2024/05/09 6:30 a.m.0 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
Rows per page
Query Builder