Lucene search
K

5 matches found

OSV
OSV
added 2024/01/26 11:6 a.m.3 views

OESA-2024-1105 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map...

7.5CVSS8.6AI score0.03796EPSS
Exploits1References3
Amazon
Amazon
added 2023/11/14 12:0 a.m.69 views

Important: httpd

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

7.5CVSS6.3AI score0.70595EPSS
Exploits1
OSV
OSV
added 2023/10/11 10:15 p.m.7 views

AZL-34590 CVE-2023-39325 affecting package cf-cli for versions less than 8.7.3-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.8 views

AZL-33330 CVE-2023-39325 affecting package packer for versions less than 1.8.7-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
Amazon
Amazon
added 2023/03/22 12:0 a.m.5 views

Important: golang

Issue Overview: A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. CVE-2021-33196 A validation flaw was found in golang. When invoking functions from WASM modules built...

9.8CVSS7.3AI score0.10299EPSS
Exploits8
Rows per page
Query Builder