CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1220 matches found

RedHat Linux•added 2024/04/17 11:50 a.m.•2 views

OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle...

3.7CVSS7.2AI score0.00146EPSS

Exploits0References5

RedHat Linux•added 2024/04/17 11:46 a.m.•1 views

OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

3.7CVSS7.2AI score0.00146EPSS

Exploits0References5

GithubExploit•added 2024/04/14 11:34 a.m.•86 views

Exploit for CVE-2024-27983

This repository builds up a vulnerable HTTP2 Node.js server se...

8.2CVSS7.2AI score0.75933EPSS

Exploits1

OSV•added 2024/04/12 11:7 a.m.•5 views

OESA-2024-1452 mod_http2 security update

Modhttp2 is an official Apache httpd module, first released in 2.4.17. See Apache downloads to get a released version. modproxyhttp2 has been released in 2.4.23. Security Fixes: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTT...

7.5CVSS6.9AI score0.87555EPSS

Exploits2References2

OSV•added 2024/04/12 11:7 a.m.•3 views

OESA-2024-1407 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A...

7.5CVSS6.7AI score0.54214EPSS

Exploits3References4

OSV•added 2024/04/12 11:7 a.m.•2 views

OESA-2024-1408 cri-o security update

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the...

7.5CVSS6.8AI score0.54214EPSS

Exploits3References3

OSV•added 2024/04/12 11:7 a.m.•2 views

OESA-2024-1387 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

7.5CVSS8.2AI score0.0015EPSS

Exploits0References2

OSV•added 2024/04/10 12:15 p.m.•4 views

DEBIAN-CVE-2024-31309

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.maxcontinuationframesperminute to limit the number of CONTINUATION frames...

7.5CVSS8AI score0.10847EPSS

Exploits1References1

OSV•added 2024/04/09 1:15 a.m.•1 views

ALPINE-CVE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

8.2CVSS6.7AI score0.75933EPSS

Exploits1References1

OSV•added 2024/04/08 11:28 a.m.•7 views

SUSE-SU-2024:1160-1 Security update for go1.22

This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames bsc1221400 Other changes: - go minor release upgrade to 1.22.2 bsc1218424...

7.5CVSS7.8AI score0.64852EPSS

Exploits1References4

RedHat Linux•added 2024/04/08 9:21 a.m.•1 views

varnish: HTTP/2 Broken Window Attack may result in denial of service

A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the acti...

7.5CVSS7.3AI score0.00071EPSS

Exploits0References5

vulnersOsv•added 2024/04/05 3:5 p.m.•2 views

areq (=0.1.0-alpha), bws-web-server (>=0.1.0 <=0.1.1) +26 more potentially affected by unknown CVE via h2 (=0.4.14)

h2 CARGO version =0.4.14 is affected by a known vulnerability. The following packages have a transitive dependency on h2 and may be impacted: - areq =0.1.0-alpha - bws-web-server =0.1.0, =0.5.2, =0.1.0, =1.0.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.0 and more Source cves: unknown CVE Sourc...

5.8AI score

Exploits0

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-38395 CVE-2023-45288 affecting package containerd for versions less than 1.7.13-6

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.64852EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-38542 CVE-2023-45288 affecting package moby-containerd-cc for versions less than 1.7.7-6

7.5CVSS6.8AI score0.64852EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-38581 CVE-2023-45288 affecting package git-lfs for versions less than 3.6.1-1

7.5CVSS6.8AI score0.64852EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2