656 matches found

RedHat Linux
added 2023/05/09 10:3 a.m., 0 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

CVSS 7.5, AI score 6.6, EPSS 0.02513
Exploits 0, References 6
RedHat Linux
added 2023/05/09 9:50 a.m., 1 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

CVSS 5.3, AI score 6.6, EPSS 0.05623
Exploits 0, References 9
OSV
added 2023/04/18 8:15 p.m., 5 views

CVE-2023-21936

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 5.4, AI score 6.7, EPSS 0.00376
Exploits 0, References 1
CNNVD
added 2023/04/18 12:0 a.m., 4 views

Oracle Health Sciences Applications Security Vulnerability

Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability exists in the Core component of Oracle Health Sciences Applications version 6.3.1.3 and earlier and version 7.0.0.1 and earlier. A...

CVSS 5.4, AI score 6.9, EPSS 0.00408
Exploits 0, References 2
CNNVD
added 2023/04/18 12:0 a.m., 2 views

Oracle Siebel CRM Security Vulnerability

Oracle Siebel CRM is a set of customer relationship management solutions from Oracle Corporation. The solution includes modules for sales management, marketing management, customer service system, and call center. A security vulnerability exists in Oracle Siebel CRM version 23.3 and earlier versions,...

CVSS 6.5, AI score 7.2, EPSS 0.00615
Exploits 0, References 2
RedHat Linux
added 2023/03/29 11:45 a.m., 6 views

undertow: Server identity in https connection is not checked by the undertow client

A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step that should at least be performed by default in HTTPS and in http/2...

CVSS 7.5, AI score 5.7, EPSS 0.00596
Exploits 0, References 4
RedHat Linux
added 2023/03/15 7:58 p.m., 2 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

CVSS 5.3, AI score 6.6, EPSS 0.05623
Exploits 0, References 9
Brave Browser
added 2023/03/10 2:31 a.m., 9 views

Brave Android 1.49.122 Security Fixes

Restricted QR scanner to only open HTTP/HTTPS URL schemes rather than allowing any valid URL scheme to be opened. Upgraded Chromium to 111.0.5563.64 — refer to Google Chrome advisories for inherited CVEs...

AI score 5.8
Exploits 0, References 2, Affected Software 1
CNNVD
added 2023/02/21 12:0 a.m., 2 views

Hyperium Hyper Security Vulnerability

hyperium hyper is an open source HTTP library for Rust. It is intended to be a building block for libraries and applications. A security vulnerability exists in Hyperium Hyper prior to version 0.14.19. An attacker can exploit the vulnerability to perform HTTP/2 attacks...

CVSS 7.5, AI score 7.7, EPSS 0.01085
Exploits 1, References 7
SUSE CVE
added 2023/02/16 3:2 a.m., 2 views

SUSE CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 8.5, EPSS 0.01703
Exploits 1, References 93
SUSE CVE
added 2023/02/15 6:3 a.m., 3 views

SUSE CVE-2009-2622

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related t...

CVSS 5, AI score 6.8, EPSS 0.56908
Exploits 0, References 3
SUSE CVE
added 2023/02/15 5:39 a.m., 2 views

SUSE CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...

CVSS 2.8, AI score 7, EPSS 0.0198
Exploits 0, References 3
SUSE CVE
added 2023/02/15 5:32 a.m., 6 views

SUSE CVE-2014-0040

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVSS 4.3, AI score 6.9, EPSS 0.01466
Exploits 1, References 3
SUSE CVE
added 2023/02/15 5:23 a.m., 3 views

SUSE CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences...

CVSS 4, AI score 6.8, EPSS 0.07558
Exploits 0, References 6
SUSE CVE
added 2023/02/15 4:19 a.m., 3 views

SUSE CVE-2019-0199

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

CVSS 7.5, AI score 6.9, EPSS 0.72855
Exploits 0, References 11
SUSE CVE
added 2023/02/15 4:8 a.m., 4 views

SUSE CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling...

CVSS 6.5, AI score 8.9, EPSS 0.05157
Exploits 0, References 6
SUSE CVE
added 2023/02/15 4:7 a.m., 3 views

SUSE CVE-2019-18277

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVSS 5.9, AI score 8.2, EPSS 0.10024
Exploits 1, References 8
SUSE CVE
added 2023/02/15 3:41 a.m., 2 views

SUSE CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

CVSS 6.5, AI score 8.4, EPSS 0.03692
Exploits 0, References 7
SUSE CVE
added 2023/02/15 3:40 a.m., 3 views

SUSE CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVSS 9.1, AI score 7, EPSS 0.46179
Exploits 1, References 9
RedHat Linux
added 2023/02/07 4:58 p.m., 1 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

CVSS 7.5, AI score 6.6, EPSS 0.02513
Exploits 0, References 6