CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

211 matches found

OSV•added 2024/04/04 9:15 p.m.•5 views

AZL-38956 CVE-2023-45288 affecting package cri-tools for versions less than 1.30.1-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•4 views

AZL-38761 CVE-2023-45288 affecting package prometheus-adapter for versions less than 0.12.0-1

7.5CVSS6.8AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-39022 CVE-2023-45288 affecting package ig for versions less than 0.29.0-1

7.5CVSS7AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-38209 CVE-2023-45288 affecting package skopeo for versions less than 1.14.4-3

7.5CVSS7AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-38839 CVE-2023-45288 affecting package kubevirt for versions less than 1.2.0-13

7.5CVSS6.8AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•5 views

AZL-38338 CVE-2023-45288 affecting package docker-cli for versions less than 25.0.7-1

7.5CVSS6.8AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-50336 CVE-2023-45288 affecting package prometheus for versions less than 2.37.9-2

7.5CVSS7AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•6 views

AZL-38692 CVE-2023-45288 affecting package containerized-data-importer for versions less than 1.57.0-12

7.5CVSS6.8AI score0.91969EPSS

Exploits1References1

CVE•added 2024/04/04 8:37 p.m.•2490 views

CVE-2023-45288

CVE-2023-45288 concerns an HTTP/2 HPACK processing issue where an attacker can force an endpoint to parse excessive HEADERS and CONTINUATION frames, potentially reading large, even Huffman-encoded, header data beyond intended bounds. The vulnerability arises when request headers exceed MaxHeaderB...

7.5CVSS8.1AI score0.91969EPSS

Exploits1References9

Debian CVE•added 2024/04/04 8:37 p.m.•74 views

CVE-2023-45288

7.5CVSS7.9AI score0.91969EPSS

Exploits1

FreeBSD•added 2024/04/04 12:0 a.m.•25 views

forgejo -- HTTP/2 CONTINUATION flood in net/http

[email protected] reports: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's heade...

7.5CVSS6.9AI score0.91969EPSS

Exploits1References1

OSV•added 2024/04/03 9:12 p.m.•96 views

GO-2024-2687 HTTP/2 CONTINUATION flood in net/http

7.5CVSS8.1AI score0.91969EPSS

Exploits1References3

FreeBSD•added 2024/04/03 12:0 a.m.•26 views

go -- http2: close connections when receiving too many headers

The Go project reports: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but...

7.5CVSS7AI score0.91969EPSS

Exploits1References1

OSV•added 2024/03/24 1:15 a.m.•3 views

CVE-2024-30161

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...

6.5CVSS6.2AI score

Exploits0References1

OSV•added 2024/03/24 1:15 a.m.•3 views

AZL-38545 CVE-2024-30161 affecting package qtbase for versions less than 6.6.3-2

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...

6.5CVSS5.7AI score0.00456EPSS

Exploits0References1

OSV•added 2024/03/24 1:15 a.m.•1 views

UBUNTU-CVE-2024-30161

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...

6.5CVSS5.8AI score0.00456EPSS

Exploits0References4

CNNVD•added 2024/03/24 12:0 a.m.•2 views

Qt 安全漏洞

Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...

6.5CVSS6.3AI score0.00456EPSS

Exploits0References3

Cvelist•added 2024/03/24 12:0 a.m.•16 views

CVE-2024-30161

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...

6.7AI score0.00456EPSS

Exploits0References1

CNNVD•added 2024/03/15 12:0 a.m.•2 views

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

8.8CVSS7.1AI score0.00748EPSS

Exploits1References2

Positive Technologies•added 2024/03/06 12:0 a.m.•8 views

PT-2024-2621

Name of the Vulnerable Software and Affected Versions net/http and net/http2 in Go affected versions not specified Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires...

9.8CVSS7.3AI score0.91969EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by