Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1291 matches found

Amazon
Amazonadded 2024/06/24 12:0 a.m.4 views

Important: containerd

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...

7.5CVSS6.2AI score0.04299EPSS
Exploits0
RedHat Linux
RedHat Linuxadded 2024/06/20 6:15 a.m.4 views

curl: HTTP/2 push headers memory-leak

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

8.6CVSS7.3AI score0.01962EPSS
Exploits1References5
Amazon
Amazonadded 2024/06/12 12:0 a.m.6 views

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.69905EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2024/06/11 5:34 p.m.2 views

Tomcat: HTTP/2 header handling DoS

A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...

7.5CVSS7AI score0.6439EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2024/06/05 2:47 p.m.2 views

jetty: stop accepting new connections from valid clients

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

7.5CVSS7AI score0.00559EPSS
Exploits0References6
SUSE CVE
SUSE CVEadded 2024/06/04 12:57 p.m.2 views

SUSE CVE-2021-32778

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy's procedure for resetting a HTTP/2 stream has ON^2 complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are...

7.5CVSS7.2AI score0.0006EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2024/06/03 6:39 p.m.3 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/06/03 6:38 p.m.2 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/06/03 3:49 p.m.2 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
Amazon
Amazonadded 2024/05/30 12:0 a.m.1 views

Medium: cni-plugins

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.69905EPSS
Exploits1
Amazon
Amazonadded 2024/05/30 12:0 a.m.3 views

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.7AI score0.69905EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2024/05/29 1:33 p.m.5 views

etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS6.8AI score0.9439EPSS
Exploits19References4
RedHat Linux
RedHat Linuxadded 2024/05/29 1:33 p.m.2 views

etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS7.1AI score0.00088EPSS
Exploits0References4
Amazon
Amazonadded 2024/05/28 12:0 a.m.2 views

Medium: golang

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.6AI score0.69905EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2024/05/23 3:28 p.m.4 views

etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS6.6AI score0.00264EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2024/05/23 6:18 a.m.3 views

Tomcat: HTTP/2 header handling DoS

A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...

7.5CVSS7AI score0.6439EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2024/05/22 8:41 p.m.3 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.69905EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/22 11:47 a.m.2 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.69905EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/21 10:5 a.m.4 views

nodejs: CONTINUATION frames DoS

A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...

8.2CVSS7.3AI score0.75933EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2024/05/21 10:5 a.m.4 views

varnish: HTTP/2 Broken Window Attack may result in denial of service

A flaw was found in the Varnish cache server, with HTTP/2 support enabled, that may allow a Denial of Service type of attack. A malicious actor can cause the server to run out of credits during the HTTP/2 connection control flow. As a consequence, the server will stop to properly process the acti...

7.5CVSS7.3AI score0.00071EPSS
Exploits0References5
Rows per page
Query Builder