CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2022/03/10 5:44 p.m.•5 views

CVE-2022-0618

7.8CVSS7.2AI score0.01248EPSS

Exploits0References2Affected Software1

NVD•added 2022/03/10 5:44 p.m.•30 views

CVE-2022-0618

7.8CVSS0.01248EPSS

Prion•added 2022/03/10 5:44 p.m.•12 views

Design/Logic Flaw

7.8CVSS7.4AI score0.01248EPSS

Exploits0References1Affected Software1

CNNVD•added 2022/03/10 12:0 a.m.•2 views

swift-nio-http2 安全漏洞

swift-nio-http2 is a SwiftPM project that can be built and tested very easily. A security vulnerability exists in swift-nio-http2 version 1.0.0 up to and including version 1.20, which stems from a logic error when an application parses an HTTP/2 header or an HTTP/2 PUSHPROMISE frame, which contai...

7.8CVSS7.1AI score0.01248EPSS

Cvelist•added 2022/03/09 8:23 p.m.•39 views

CVE-2022-0618

7.6AI score0.01248EPSS

ATTACKERKB•added 2022/03/04 4:15 p.m.•3 views

CVE-2022-22946

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates...

5.5CVSS6.6AI score0.04732EPSS

NVD•added 2022/03/04 4:15 p.m.•23 views

CVE-2022-22946

5.5CVSS0.04732EPSS

OSV•added 2022/03/04 4:15 p.m.•27 views

CVE-2022-22946

5.5CVSS6.8AI score0.04732EPSS

Prion•added 2022/03/04 4:15 p.m.•17 views

Code injection

2.1CVSS6.5AI score0.04732EPSS

Exploits0References2Affected Software6

CVE•added 2022/03/04 3:50 p.m.•161 views

CVE-2022-22946

CVE-2022-22946 affects Spring Cloud Gateway versions prior to 3.1.1+. When HTTP/2 is enabled and there is no key store or trusted certificates, the gateway may be configured to use an insecure TrustManager, allowing connections to remote services with invalid or custom certificates. Affected comp...

5.5CVSS5.7AI score0.04732EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/03/04 3:50 p.m.•30 views

CVE-2022-22946

6.7AI score0.04732EPSS

Veracode•added 2022/03/02 9:29 a.m.•37 views

Insecure HTTP2 TrustManager

spring-cloud-gateway-server uses an insecure HTTP2 TrustManager. Application with default configuration and no key store or trusted certificates uses an insecure trustmanager factory option when HTTP2 is enabled, allowing the gateway connections to remote services with invalid or custom...

5.5CVSS2.7AI score0.04732EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2022/02/23 8:55 a.m.•32 views

CVE-2021-43535

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

8.8CVSS9.2AI score0.0111EPSS

VulnCheck KEV•added 2022/02/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-7659

A maliciously constructed HTTP/2 request could cause modhttp2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

7.5CVSS6.7AI score0.53939EPSS

Veracode•added 2022/02/17 12:7 a.m.•26 views

Denial Of Service (DoS)

Undertow is vulnerable to denial of service. The vulnerability exists due to a flaw that is able to trip the client-side invocation timeout with certain calls made over HTTP2...

7.5CVSS2.7AI score0.01241EPSS

Exploits0References8Affected Software19

Veracode•added 2022/02/11 3:21 p.m.•23 views

Denial Of Service (DoS)

github.com/apple/swift-nio-http2 is vulnerable to denial of service. The vulnerability exists in decodeInteger function of IntegerCoding.swift due to improper input checks which allows an attacker to cause an application crash...

7.5CVSS4.3AI score0.01101EPSS

Exploits0References3Affected Software1

OSV•added 2022/02/11 12:0 a.m.•2 views

GHSA-PV7R-9VJG-G3F9 Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

7.5CVSS7.4AI score0.01333EPSS

OSV•added 2022/02/11 12:0 a.m.•2 views

GHSA-WFVQ-P7QF-VV64 Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3f6-pc54-gfw7. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

7.5CVSS7.5AI score0.01101EPSS