IBM Security Bulletins
added 2025/04/16 4:38 p.m., 14 views

Security Bulletin: Multiple security vulnerabilities affect Go related packages shipped with IBM CICS TX Standard.

Summary: Security vulnerabilities affect Go packages that are shipped with IBM CICS TX Standard. Go modules are used by IBM CICS TX Standard to simplify dependency management. It is possible for sensitive information to be exposed through data queries with an attacker causing an HTTP/2 endpoint to...

CVSS 9.8 | AI score 7.3 | EPSS 0.64852
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/01/28 9:51 p.m., 15 views

Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores

Summary: A potential denial of service vulnerability, CVE-2024-39908, has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-45288 DESCRIPTION: A...

CVSS 7.5 | AI score 7.1 | EPSS 0.64852
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2024/10/14 12:00 a.m., 16 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-735)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-735 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

CVSS 9.8 | AI score 7.8 | EPSS 0.64852
Exploits: 1 | References: 6
Tenable Nessus
added 2024/08/21 12:00 a.m., 16 views

Amazon Linux 2 : oci-add-hooks (ALASNITRO-ENCLAVES-2024-043)

The version of oci-add-hooks installed on the remote host is prior to 0-0.2.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-043 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

CVSS 7.5 | AI score 7.6 | EPSS 0.64852
Exploits: 1 | References: 4
Amazon
added 2024/08/06 12:00 a.m., 23 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 9.8 | AI score 7.8 | EPSS 0.64852
Exploits: 1
Tenable Nessus
added 2024/07/22 12:00 a.m., 31 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-2030)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

CVSS 7.5 | AI score 7.8 | EPSS 0.64852
Exploits: 1 | References: 3
Tenable Nessus
added 2024/07/03 12:00 a.m., 25 views

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker may cause an HTTP/...

CVSS 7.5 | AI score 7.5 | EPSS 0.64852
Exploits: 1 | References: 2
Tenable Nessus
added 2024/06/25 12:00 a.m., 38 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1835)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affec...

CVSS 7.5 | AI score 7.4 | EPSS 0.64852
Exploits: 1 | References: 7
Tenable Nessus
added 2024/06/25 12:00 a.m., 26 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2024-1814)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affec...

CVSS 7.5 | AI score 7.4 | EPSS 0.64852
Exploits: 1 | References: 7
Tenable Nessus
added 2024/06/12 12:00 a.m., 55 views

Amazon Linux 2 : cri-tools (ALAS-2024-2568)

The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...

CVSS 7.5 | AI score 7.4 | EPSS 0.64852
Exploits: 1 | References: 6
Amazon
added 2024/05/30 12:00 a.m., 31 views

Medium: golist

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5 | AI score 8 | EPSS 0.64852
Exploits: 1
Tenable Nessus
added 2024/05/28 12:00 a.m., 38 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

CVSS 7.5 | AI score 7.4 | EPSS 0.64852
Exploits: 1 | References: 14
Tenable Nessus
added 2024/05/28 12:00 a.m., 24 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2024-631)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-631 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP clie...

CVSS 7.5 | AI score 7.7 | EPSS 0.64852
Exploits: 1 | References: 6
Tenable Nessus
added 2024/05/14 12:00 a.m., 38 views

Rocky Linux 9 : git-lfs (RLSA-2024:2724)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2724 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining...

CVSS 7.5 | AI score 7.5 | EPSS 0.64852
Exploits: 1 | References: 9
Tenable Nessus
added 2024/05/02 12:00 a.m., 41 views

RHCOS 4 : OpenShift Container Platform 4.14.22 (RHSA-2024:1897)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1897 advisory. - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) - golang-fips/openssl: Memory lea...

CVSS 7.5 | AI score 7.2 | EPSS 0.64852
Exploits: 1 | References: 6
Tenable Nessus
added 2024/05/01 12:00 a.m., 31 views

CentOS 7 : rhc-worker-script (RHSA-2024:2625)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2625 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK sta...

CVSS 7.5 | AI score 7.6 | EPSS 0.64852
Exploits: 1 | References: 2
Tenable Nessus
added 2024/04/29 12:00 a.m., 27 views

Fedora 40 : kubernetes (2024-ce2eefc399)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ce2eefc399 advisory. Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugi...

CVSS 7.5 | AI score 7.5 | EPSS 0.64852
Exploits: 2 | References: 3
Tenable Nessus
added 2024/04/09 12:00 a.m., 25 views

SUSE SLES12 Security Update : go1.22 (SUSE-SU-2024:1160-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1160-1 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames...

CVSS 7.5 | AI score 7.6 | EPSS 0.64852
Exploits: 1 | References: 5
Debian CVE
added 2024/04/04 8:37 p.m., 72 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 | AI score 7.9 | EPSS 0.64852
Exploits: 1
AlpineLinux
added 2024/04/04 8:37 p.m., 92 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 | AI score 8.3 | EPSS 0.64852
Exploits: 1