Lucene search

1355 matches found

OSV
added 2022/12/08 8:15 p.m. | 8 views

AZL-33617 CVE-2022-41717 affecting package moby-cli for versions less than 24.0.9-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 6 views

AZL-79004 CVE-2022-41717 affecting package golang 1.25.7-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 4 views

AZL-37374 CVE-2022-41717 affecting package golang for versions less than 1.21.6-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 5 views

AZL-34276 CVE-2022-41717 affecting package nmi for versions less than 1.8.17-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 6 views

AZL-33568 CVE-2022-41717 affecting package azcopy for versions less than 10.24.0-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 6 views

AZL-11582 CVE-2022-41717 affecting package golang for versions less than 1.21.6-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 5 views

AZL-34750 CVE-2022-41717 affecting package golang for versions less than 1.17.13-2,1.18.8-2,1.21.6-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.9 | EPSS 0.05623
Exploits: 0 | References: 1

RedHat Linux
added 2022/11/28 2:39 p.m. | 6 views

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

CVSS 7.5 | AI score 7.1 | EPSS 0.01818
Exploits: 0 | References: 5

RedHat Linux
added 2022/11/28 10:37 a.m. | 51 views

varnish: Request Forgery Vulnerability

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

CVSS 7.5 | AI score 7.2 | EPSS 0.00928
Exploits: 0 | References: 6

RedHat Linux
added 2022/11/28 10:33 a.m. | 7 views

varnish: Request Forgery Vulnerability

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

CVSS 7.5 | AI score 7.2 | EPSS 0.00928
Exploits: 0 | References: 6

Snyk
added 2022/11/03 1:40 p.m. | 3 views

Denial of Service (DoS)

Overview: apple/swift-nio-http2 provides HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS) on HTTP/2 servers. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

CVSS 7.8 | AI score 9.1 | EPSS 0.87806
Exploits: 0 | References: 2

Snyk
added 2022/11/03 1:2 p.m. | 3 views

Denial of Service (DoS)

Overview: apple/swift-nio-http2 provides HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS). This can be caused by a network peer sending a specially crafted HTTP/2 frame, due to a logical error when parsing a HTTP/2 HEADERS frame where the frame...

CVSS 7.5 | AI score 6.9 | EPSS 0.01333
Exploits: 0 | References: 3

Snyk
added 2022/10/21 8:29 p.m. | 3 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 | AI score 8 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 1 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web serve...

CVSS 7.5 | AI score 7 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 | AI score 7 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 | AI score 7 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 | AI score 7 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 2 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 | AI score 7 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 4 views

Denial of Service (DoS)

Overview: Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server...

CVSS 7.5 | AI score 7 | EPSS 0.03481
Exploits: 0 | References: 2

Snyk
added 2022/10/21 8:29 p.m. | 5 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

CVSS 7.5 | AI score 7.9 | EPSS 0.03481
Exploits: 0 | References: 2