Lucene search
K

116 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-31892

Malicious code in bioql PyPI...

3.7CVSS7.3AI score0.00759EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-30414

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01585EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-29205

Malicious code in bioql PyPI...

7.5CVSS7.8AI score0.94615EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6718

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.02607EPSS
Exploits0References31
OSV
OSV
added 2025/07/16 8:19 a.m.74 views

BIT-TOMCAT-2025-53506 Apache Tomcat: DoS via excessive h2 streams at connection start

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0 through 11.0.8, from 10.1.0 through 10.1.42, from 9.0.0 through...

7.5CVSS7.2AI score0.01898EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2025/07/16 12:0 a.m.14 views

tomcat security update

1:9.0.87-1.el810.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-31650 - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337...

9.8CVSS7.3AI score0.66933EPSS
Exploits18
Veracode
Veracode
added 2025/07/14 5:47 p.m.5 views

Denial Of Service (DoS)

org.apache.tomcat:tomcat-coyote is vulnerable to Denial Of Service DoS. The vulnerability is due to failure to handle cases where an HTTP/2 client does not acknowledge the initial settings frame, allowing excessive concurrent streams and leading to resource exhaustion...

7.5CVSS9.2AI score0.01898EPSS
Exploits0References8Affected Software2
F5 Networks
F5 Networks
added 2025/07/03 3:44 p.m.15 views

K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325

Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/07/02 2:20 a.m.130 views

Exploit for Incomplete Cleanup in Apache Tomcat

CVE-2025-31650 🚨 Proof of Concept PoC for Apache Tomcat HTT...

7.5CVSS7.4AI score0.66933EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/05/22 4:54 p.m.12 views

CVE-2020-9481

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack...

7.5CVSS6.6AI score0.02387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:44 p.m.10 views

CVE-2020-9494

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...

7.5CVSS6.6AI score0.03909EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 a.m.9 views

CVE-2019-10079

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions...

7.5CVSS6.8AI score0.04561EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.9 views

PT-2025-20402

Name of the Vulnerable Software and Affected Versions Eclipse Jetty versions 12.0.0 through 12.0.16 Description The issue arises when an HTTP/2 client specifies a very large value for the HTTP/2 settings parameter SETTINGS MAX HEADER LIST SIZE. The Jetty HTTP/2 server fails to validate this setti...

7.5CVSS7.2AI score0.00625EPSS
Exploits0References21
NVD
NVD
added 2025/05/07 10:15 p.m.28 views

CVE-2025-41414

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00352EPSS
Exploits0References1
OSV
OSV
added 2025/05/07 7:11 p.m.9 views

RLSA-2024:5654 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

7.5CVSS9.4AI score0.36081EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2025/05/07 1:1 p.m.13 views

K000140919: BIG-IP HTTP/2 vulnerability CVE-2025-36504

Security Advisory Description When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. CVE-2025-36504 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either...

8.7CVSS6.8AI score0.00357EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
added 2025/05/07 12:44 p.m.15 views

K000140968: BIG-IP HTTP/2 vulnerability CVE-2025-41414

Security Advisory Description When HTTP/2 client and server profiles are simultaneously configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-41414 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...

8.7CVSS7.1AI score0.00352EPSS
Exploits0Affected Software14
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.4 views

PT-2025-20307 · F5 · Big-Ip +2

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Recommendations: At the moment, there is no information about a newe...

8.7CVSS7.5AI score0.00352EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.7 views

F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000140968)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2 / Hotfix- BIGIP-15.1.10.7.0.4.5-ENG.iso. It is, therefore, affected by a vulnerability as referenced in the K000140968 advisory. When HTTP/2 client and server profiles are simultaneously configured on a...

8.7CVSS5.6AI score0.00352EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/05/04 4:10 a.m.15 views

curl: HTTP/2 CONTINUATION Flood Vulnerability

0x00 Vulnerability Overview: Fatal Flaw in HTTP/2 Protocol Stack 1. HTTP/2 Header Block Fragmentation Mechanism RFC 7540 Specification: Header blocks are transmitted using a HEADERS frame followed by one or more CONTINUATION frames. All frames must belong to the same stream and be sent...

7.5CVSS7.6AI score0.99999EPSS
Exploits19
Rows per page
Query Builder