Lucene search
K

111 matches found

BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.8 views

The vulnerability of the HPACK decoder in HAProxy server software allows for exploitation by reading data beyond the allowed buffer limits, enabling attackers to cause service failures.

The vulnerability of the HPACK decoder in HAProxy server software relates to reading data from buffer fields beyond their allowable limits. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.5CVSS7AI score0.03009EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Buffer Error Vulnerability in Multiple Qualcomm Products

A Qualcomm chip is a chip from Qualcomm Incorporated USA. It is a way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. A buffer error vulnerability exists in several Qualcomm products, which...

9.1CVSS7.4AI score0.00879EPSS
Exploits0References4
OSV
OSV
added 2020/04/02 3:15 p.m.3 views

ALPINE-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS8.2AI score0.60727EPSS
Exploits0References1
OSV
OSV
added 2020/04/02 3:15 p.m.1 views

DEBIAN-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS8.5AI score0.60727EPSS
Exploits0References1
OSV
OSV
added 2020/04/02 12:0 a.m.2 views

UBUNTU-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS7.3AI score0.60727EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/08 10:5 a.m.6 views

haproxy: Out-of-bounds read in HPACK decoder

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service...

7.5CVSS7.2AI score0.03009EPSS
Exploits0References5
CNVD
CNVD
added 2017/04/20 12:0 a.m.4 views

Apache Traffic Server Denial of Service Vulnerability (CNVD-2017-06029)

Apache Traffic Server is an efficient and scalable HTTP proxy and caching server . Apache Traffic Server has a security vulnerability that allows remote attackers to exploit the vulnerability to submit a special request and perform HPACK Bomb attacks...

7.8CVSS7.6AI score0.02881EPSS
Exploits0References1
OSV
OSV
added 2017/01/10 3:59 p.m.5 views

UBUNTU-CVE-2016-6581

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

7.5CVSS7.1AI score0.01757EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2017/01/10 12:0 a.m.6 views

PT-2017-8994

Name of the Vulnerable Software and Affected Versions Python HPACK library versions 1.0.0 through 2.2.0 Description A denial of service attack, known as an "HPACK Bomb" attack, can be launched against the HTTP/2 implementation built using the Python HPACK library. This occurs when an attacker...

8.7CVSS7.2AI score0.01757EPSS
Exploits0References23
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/07/25 2:15 a.m.4 views

Android OS issue where it is affected by the CRIME attack

Overview The implementation of the TLS protocol in Android OS contains a vulnerability where plaintext HTTP headers may be obtained. The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of...

3.7CVSS9.1AI score0.04266EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2012/08/29 12:0 a.m.36 views

SeaMonkey < 2.12.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.12.0. Such versions are potentially affected by the following security issues : - An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. CVE-2012-1956 - Unspecified memory safet...

10CVSS7AI score0.07762EPSS
Exploits2References40
Rows per page
Query Builder