
1291 matches found

RedHat Linux
added 2024/07/23 2:58 p.m. | 3 views

nghttp2: CONTINUATION frames DoS

A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...

CVSS 5.3 | AI score 6.8 | EPSS 0.24971
Exploits: 1 | References: 7

Amazon
added 2024/07/22 12:0 a.m. | 8 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited...

CVSS 7.5 | AI score 6.9 | EPSS 0.88805
Exploits: 1

Amazon
added 2024/07/22 12:0 a.m. | 3 views

Important: tomcat9

Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...

CVSS 7.5 | AI score 6.9 | EPSS 0.21539
Exploits: 0

RedHat Linux
added 2024/07/19 10:57 a.m. | 5 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

CVSS 8.6 | AI score 7.3 | EPSS 0.00205
Exploits: 0 | References: 5

RedHat Linux
added 2024/07/19 10:35 a.m. | 3 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

CVSS 8.6 | AI score 7.3 | EPSS 0.00205
Exploits: 0 | References: 5

RedHat Linux
added 2024/07/18 4:34 p.m. | 3 views

qtbase: qtbase: Delay any communication until encrypted() can be responded to

A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...

CVSS 8.6 | AI score 7.3 | EPSS 0.00205
Exploits: 0 | References: 5

RedHat Linux
added 2024/07/15 4:12 p.m. | 2 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.69905
Exploits: 1 | References: 7

OSV
added 2024/07/11 3:15 p.m. | 0 views

DEBIAN-CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 | AI score 8.4 | EPSS 0.01059
Exploits: 0 | References: 1

RedHat Linux
added 2024/07/08 2:34 a.m. | 1 view

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

CVSS 8.2 | AI score 7.3 | EPSS 0.75933
Exploits: 1 | References: 7

Redos
added 2024/07/08 12:0 a.m. | 2 views

ROS-20240708-21

Vulnerability in cURL command line utility is due to bugs in protocol removal logic. The exploitation of the vulnerability may allow a remote intruder to gain access to protected information. Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...

CVSS 8.6 | AI score 7.2 | EPSS 0.01962
Exploits: 2

SUSE CVE
added 2024/07/05 3:27 a.m. | 1 view

SUSE CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS 7.5 | AI score 7.4 | EPSS 0.21539
Exploits: 0 | References: 7

OSV
added 2024/07/04 9:15 p.m. | 1 view

DEBIAN-CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

CVSS 8.6 | AI score 7.9 | EPSS 0.00205
Exploits: 0 | References: 1

OSV
added 2024/07/04 9:15 p.m. | 3 views

AZL-43192 CVE-2024-39936 affecting package qt5-qtbase for versions less than 5.12.11-13

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

CVSS 5.9 | AI score 7.4 | EPSS 0.00205
Exploits: 0 | References: 1

CNNVD
added 2024/07/04 12:0 a.m. | 2 views

Qt Security Vulnerabilities

Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...

CVSS 8.6 | AI score 7.1 | EPSS 0.00205
Exploits: 0 | References: 3

OSV
added 2024/07/03 9:39 p.m. | 1 view

GHSA-WM9W-RJJ3-J356 Apache Tomcat - Denial of Service

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS 8.7 | AI score 6.8 | EPSS 0.21539
Exploits: 0 | References: 11

OSV
added 2024/07/03 8:15 p.m. | 1 view

DEBIAN-CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS 7.5 | AI score 7.2 | EPSS 0.21539
Exploits: 0 | References: 1

OSV
added 2024/07/03 8:15 p.m. | 0 views

UBUNTU-CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

CVSS 7.5 | AI score 5.7 | EPSS 0.21539
Exploits: 0 | References: 4

RedHat Linux
added 2024/07/02 3:45 p.m. | 1 view

nghttp2: CONTINUATION frames DoS

A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which...

CVSS 5.3 | AI score 6.8 | EPSS 0.24971
Exploits: 1 | References: 7

OSV
added 2024/07/01 7:15 p.m. | 1 view

DEBIAN-CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVSS 5.4 | AI score 5.9 | EPSS 0.00187
Exploits: 0 | References: 1

OSV
added 2024/07/01 7:15 p.m. | 1 view

UBUNTU-CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVSS 5.4 | AI score 6.6 | EPSS 0.00187
Exploits: 0 | References: 5