40 matches found

RedHat Linux
added 2024/03/18 11:19 a.m. | 47 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.8 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.8 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...

CVSS 7.5 | AI score 6.9 | EPSS 0.23072
Exploits: 1 | References: 5

Amazon
added 2024/03/06 12:0 a.m. | 2 views

Medium: amazon-ecr-credential-helper

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 7.5 | AI score 8.2 | EPSS 0.91969
Exploits: 1

Tenable Nessus
added 2023/04/10 12:0 a.m. | 20 views

Debian dla-3385 : trafficserver - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3385 advisory. Debian LTS Advisory DLA-3385-1 [email protected]...

CVSS 7.5 | AI score 6.6 | EPSS 0.01886
Exploits: 0 | References: 10

NVD
added 2022/08/10 6:15 a.m. | 10 views

CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

CVSS 7.5 | EPSS 0.01886
Exploits: 0 | References: 4

OSV
added 2022/05/14 1:10 a.m. | 33 views

GHSA-698C-2X4J-G9GQ Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible...

CVSS 7.5 | AI score 8.1 | EPSS 0.0719
Exploits: 1 | References: 19

NVD
added 2021/05/14 1:15 a.m. | 12 views

CVE-2021-31922

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...

CVSS 7.5 | EPSS 0.00973
Exploits: 1 | References: 1

Prion
added 2021/05/14 1:15 a.m. | 14 views

Design/Logic Flaw

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...

CVSS 5 | AI score 7.4 | EPSS 0.00973
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/05/14 12:41 a.m. | 17 views

CVE-2021-31922

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...

AI score 7.6 | EPSS 0.00973
Exploits: 1 | References: 1

OSV
added 2021/01/05 3:18 p.m. | 9 views

SUSE-SU-2021:0031-1 Security update for tomcat

This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602...

CVSS 7.5 | AI score 7.5 | EPSS 0.24622
Exploits: 0 | References: 3

Apache Tomcat
added 2020/11/17 12:0 a.m. | 116 views

Fixed in Apache Tomcat 9.0.40

Important: Information disclosure CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API...

CVSS 7.5 | AI score 6.9 | EPSS 0.24622
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2020/09/14 12:56 p.m. | 80 views

Important: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5 | AI score 7.4 | EPSS 0.89744
Exploits: 0 | References: 2

RedHat Linux
added 2020/09/14 12:43 p.m. | 109 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 7.4 | EPSS 0.89744
Exploits: 0 | References: 2

OpenVAS
added 2020/08/10 12:0 a.m. | 42 views

Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

CVSS 7.5 | AI score 8.9 | EPSS 0.89744
Exploits: 2 | References: 1

CNVD
added 2020/06/28 12:0 a.m. | 14 views

Apache Traffic Server Buffer Overflow Vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Software Foundation in the United States. A security vulnerability exists in Apache Traffic Server versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. The vulnerability can be exploite...

CVSS 7.5 | AI score 6.5 | EPSS 0.03909
Exploits: 0 | References: 1

OSV
added 2017/12/22 2:29 p.m. | 14 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 2

NVD
added 2017/12/22 2:29 p.m. | 16 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.3 | EPSS 0.03636
Exploits: 0 | References: 2

Prion
added 2017/12/22 2:29 p.m. | 15 views

Design/Logic Flaw

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 5 | AI score 7.3 | EPSS 0.03636
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/12/22 2:29 p.m. | 4 views

UBUNTU-CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.1 | EPSS 0.03636
Exploits: 0 | References: 3

Cvelist
added 2017/12/22 2:0 p.m. | 20 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

AI score 7.3 | EPSS 0.03636
Exploits: 0 | References: 2

Debian CVE
added 2017/12/22 2:0 p.m. | 19 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.4 | EPSS 0.03636
Exploits: 0