CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

29 matches found

OSV•added 6 days ago•4 views

GHSA-W4C6-7R69-W7J9 klever-go: REST API slow-header connection exhaustion via Gin Engine.Run

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

7.5CVSS5.6AI score

Exploits0References3

Positive Technologies•added 6 days ago•5 views

PT-2026-48347

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

7.5CVSS5.5AI score

Exploits0References4

Amazon•added 2024/10/02 12:0 a.m.•5 views

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

9.8CVSS6.8AI score0.69905EPSS

Amazon•added 2024/05/30 12:0 a.m.•3 views

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.69905EPSS

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-38395 CVE-2023-45288 affecting package containerd for versions less than 1.7.13-6

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•5 views

AZL-38338 CVE-2023-45288 affecting package docker-cli for versions less than 25.0.7-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•4 views

DEBIAN-CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.9AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-38260 CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-39634 CVE-2023-45288 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•8 views

AZL-39238 CVE-2023-45288 affecting package vitess for versions less than 16.0.2-8

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-39445 CVE-2023-45288 affecting package kured for versions less than 1.14.2-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•4 views

AZL-39268 CVE-2023-45288 affecting package helm for versions less than 3.14.2-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•5 views

AZL-39678 CVE-2023-45288 affecting package prometheus for versions less than 2.45.4-4

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-38659 CVE-2023-45288 affecting package flannel for versions less than 0.24.2-10

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-38302 CVE-2023-45288 affecting package cf-cli for versions less than 8.7.3-6

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•3 views

AZL-38284 CVE-2023-45288 affecting package kured for versions less than 1.15.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•2 views

AZL-39022 CVE-2023-45288 affecting package ig for versions less than 0.29.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•5 views

AZL-39235 CVE-2023-45288 affecting package kubernetes for versions less than 1.28.4-7

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.69905EPSS

Exploits1References1

OSV•added 2024/04/04 9:15 p.m.•5 views

AZL-39487 CVE-2023-45288 affecting package cri-tools for versions less than 1.29.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.69905EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by