Lucene search
656 matches found

OSV
added 2023/10/11 10:15 p.m. | 5 views

AZL-34963 CVE-2023-39325 affecting package local-path-provisioner for versions less than 0.0.24-3

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 15 views

AZL-39637 CVE-2023-39325 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

OSV
added 2023/10/11 10:15 p.m. | 12 views

AZL-35070 CVE-2023-39325 affecting package opa for versions less than 0.50.2-6

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0 | References: 1

Snyk
added 2023/10/11 4:49 p.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause...

8.7 CVSS | 6.8 AI score | 0.03796 EPSS
Exploits: 0 | References: 3

OSV
added 2023/10/10 2:15 p.m. | 6 views

AZL-31346 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 8 views

AZL-31335 CVE-2023-44487 affecting package nmi for versions less than 1.8.7-14

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 13 views

AZL-33343 CVE-2023-44487 affecting package helm for versions less than 3.14.0-1

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 6.7 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 5 views

DEBIAN-CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 6.8 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 10 views

AZL-35117 CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 6.7 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 9 views

AZL-31340 CVE-2023-44487 affecting package packer for versions less than 1.8.1-14

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 6.7 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 9 views

AZL-31326 CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7.1 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 5 views

AZL-34619 CVE-2023-44487 affecting package containerd for versions less than 1.7.13-3

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 6.7 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

OSV
added 2023/08/15 7:15 p.m. | 3 views

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

9.8 CVSS | 5.8 AI score | 0.00588 EPSS
Exploits: 0 | References: 2

Microsoft CVE
added 2023/08/08 7:0 a.m. | 0 views

protocol-http1 HTTP Request/Response Smuggling vulnerability

...

5.8 CVSS | 5.5 AI score | 0.00637 EPSS
Exploits: 0

BDU FSTEC
added 2023/07/24 12:0 a.m. | 5 views

The vulnerability of the Application Express component in the Oracle Application Express development environment allows access to data modification, addition, deletion, or partial service disruption.

The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...

5.6 CVSS | 6.7 AI score | 0.00321 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2023/07/20 12:0 a.m. | 6 views

The vulnerability of the iSurvey Module component of the software for creating and processing scenarios in Oracle Scripting of the Oracle E-Business Suite allows a perpetrator to gain access to read data and modify it.

The vulnerability of the iSurvey Module component of the software for creating and processing scenarios in Oracle Scripting, a system for automating business activities within the Oracle E-Business Suite, exists due to insufficient verification of input data. Exploiting this vulnerability can all...

6.4 CVSS | 6.8 AI score | 0.00363 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

RedHat Linux
added 2023/07/13 12:11 p.m. | 6 views

Mozilla: Use-after-free in WebRTC certificate generation

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS...

8.8 CVSS | 7.2 AI score | 0.00696 EPSS
Exploits: 0 | References: 5

CNNVD
added 2023/07/04 12:0 a.m. | 3 views

Mozilla Firefox resource management error vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a resource management error vulnerability that can be exploited by an attacker to trigger a use-after-free when creating a WebRTC connection over HTTPS...

8.8 CVSS | 6.5 AI score | 0.00696 EPSS
Exploits: 0 | References: 16

OSV
added 2023/06/15 10:15 p.m. | 2 views

CVE-2023-23841

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data...

7.5 CVSS | 5.8 AI score | 0.00455 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2023/06/13 3:19 p.m. | 5 views

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

7.5 CVSS | 6.7 AI score | 0.01888 EPSS
Exploits: 0 | References: 6