CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2024/02/02 12:0 a.m.•3 views

PT-2024-1653 · Nginx +1 · Nginx Oss +3

The affected software includes NGINX Plus and NGINX OSS, specifically when configured to use the HTTP/3 QUIC module. This issue may allow a remote attacker to cause a denial of service due to undisclosed requests that can cause worker processes to terminate. The HTTP/3 QUIC module is not enabled ...

7.8CVSS8.5AI score0.01061EPSS

Exploits0References34

OSV•added 2024/01/03 8:15 a.m.•0 views

UBUNTU-CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

7.8CVSS5.8AI score0.0047EPSS

Exploits1References3

CNNVD•added 2024/01/03 12:0 a.m.•2 views

Wireshark 安全漏洞

Wireshark is a very popular network packet analyzer that intercepts various network packets and displays packet details. Wireshark has a denial of service vulnerability in version 4.2.0. A crash in the HTTP3 parser in the affected version of Wireshark allows denial of service via packet injection...

7.8CVSS6.9AI score0.0047EPSS

Exploits1References5

Positive Technologies•added 2023/12/12 12:0 a.m.•4 views

PT-2023-31505 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: h2o versions 2.3.0-beta and prior Description: The QUIC stack, as used by h2o, is susceptible to a state exhaustion attack. When h2o is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory...

7.5CVSS7.3AI score0.00857EPSS

Exploits0References9

vulnersOsv•added 2023/10/10 9:16 p.m.•1 views

com.infomaximum:network (>=1.1.3p8 <=1.1.3p10), com.infomaximum:platform (>=0.1.6p17 <=0.1.13p1) +11 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=11.0.10 <=11.0.15)

org.eclipse.jetty.http3:http3-qpack MAVEN version =11.0.10, =1.1.3p8, =0.1.6p17, =0.2.0, =0.2.0, =0.2.0, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.10, =11.0.15 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...

7.5CVSS6.7AI score0.03754EPSS

Exploits1

Snyk•added 2023/08/08 5:17 p.m.•2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS in .NET Kestrel where a malicious...

Snyk•added 2023/08/08 5:17 p.m.•3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in .NET Kestrel where a malicious client can bypass QUIC stream limit in HTTP/3 in both ASP.NET and .NET runtimes, resulting in exploitation of this vulnerability. Note: .NET 6 included HTTP/3 support as a preview...

Snyk•added 2023/08/08 5:17 p.m.•1 views

Denial of Service (DoS)

Snyk•added 2023/08/08 5:17 p.m.•2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS in .NET Kestrel where a malicious...

Snyk•added 2022/10/21 8:29 p.m.•3 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server...

Snyk•added 2022/10/21 8:29 p.m.•3 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server...

7.5CVSS8AI score0.03481EPSS

Denial of Service (DoS)

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server...

Snyk•added 2022/10/21 8:29 p.m.•3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

7.5CVSS7.9AI score0.03481EPSS

Snyk•added 2022/10/21 8:29 p.m.•1 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web serve...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server...

Denial of Service (DoS)