CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1443 matches found

OSV•added 2024/05/10 2:32 p.m.•62 views

RLSA-2024:2564 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7AI score0.91327EPSS

Exploits2References2

NVD•added 2024/05/08 9:15 a.m.•31 views

CVE-2024-4436

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS8AI score0.00768EPSS

Exploits0References4

NVD•added 2024/05/08 9:15 a.m.•43 views

CVE-2024-4438

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS8.2AI score0.00791EPSS

Exploits0References5

UbuntuCve•added 2024/05/08 9:15 a.m.•22 views

CVE-2024-4438

7.5CVSS7.1AI score0.00791EPSS

Exploits0References3

Vulnrichment•added 2024/05/08 8:59 a.m.•66 views

CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

7.5CVSS8.6AI score0.00791EPSS

Exploits0References5

CVE•added 2024/05/08 8:59 a.m.•177 views

CVE-2024-4438

Technical details about CVE-2024-4438 are not provided in the supplied documents. The entry only states an incomplete fix related to CVE-2023-39325/CVE-2023-44487 in etcd within Red Hat OpenStack; no affected products, versions, or fixes are specified. Monitor for updates.

7.5CVSS7.6AI score0.00791EPSS

Exploits0References5

Cvelist•added 2024/05/08 8:59 a.m.•48 views

CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

7.5CVSS7.4AI score0.99999EPSS

Exploits19References5

Vulnrichment•added 2024/05/08 8:57 a.m.•33 views

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS7.1AI score0.00768EPSS

Exploits0References4

Cvelist•added 2024/05/08 8:57 a.m.•44 views

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

7.5CVSS8AI score0.03958EPSS

Exploits0References4

CVE•added 2024/05/08 8:57 a.m.•143 views

CVE-2024-4437

CVE-2024-4437 concerns the etcd package in the Red Hat OpenStack Platform with an incomplete fix for CVE-2021-44716. The root cause, as stated, is that the etcd package uses http://golang.org/x/net/http2 instead of the Red Hat Enterprise Linux-provided version, requiring a compile-time update rat...

7.5CVSS7.6AI score0.03958EPSS

Exploits0References4

Vulnrichment•added 2024/05/08 8:57 a.m.•30 views

CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform

7.5CVSS7.9AI score0.04561EPSS

Exploits0References4

Cvelist•added 2024/05/08 8:57 a.m.•49 views

CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform

7.5CVSS8AI score0.00768EPSS

Exploits0References4

CVE•added 2024/05/08 8:57 a.m.•142 views

CVE-2024-4436

The CVE-2024-4436 entry notes an incomplete fix for CVE-2022-41723 in the Red Hat OpenStack platform’s etcd package. The underlying issue is that the etcd package uses http://golang.org/x/net/http2 instead of the Red Hat Enterprise Linux-provided http2, meaning the fix should be applied at compil...

7.5CVSS6.6AI score0.04561EPSS

Exploits0References4

Positive Technologies•added 2024/05/08 12:0 a.m.•3 views

PT-2024-31138 · Red Hat · Red Hat +1

Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack platform affected versions not specified Description: The issue arises from the etcd package in the Red Hat OpenStack platform using http://golang.org/x/net/http2 instead of the version provided by Red Hat Enterprise Linux...

7.5CVSS7.7AI score0.00768EPSS

Exploits0References10

Positive Technologies•added 2024/05/08 12:0 a.m.•3 views

PT-2024-31139 · Red Hat · Red Hat +1

7.5CVSS7.6AI score0.00768EPSS

Exploits0References10

Positive Technologies•added 2024/05/08 12:0 a.m.•11 views

PT-2024-31140 · Red Hat · Red Hat Openstack Platform 16.1 +3

7.5CVSS6.7AI score0.99999EPSS

Exploits19References11

Cvelist•added 2024/05/07 2:48 p.m.•38 views

CVE-2024-32663 Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

7.5CVSS7.7AI score0.00956EPSS

Exploits0References7

Tenable Nessus•added 2024/05/07 12:0 a.m.•34 views

RHEL 9 : git-lfs (RHSA-2024:2724)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2724 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

7.5CVSS7.3AI score0.91969EPSS

Exploits1References10