Lucene search
K

38 matches found

FreeBSD
FreeBSD
added 2023/10/19 12:0 a.m.83 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 CVE-2023-31122: modmacro buffer over-read...

7.5CVSS7.2AI score0.70595EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/08/14 12:0 a.m.29 views

Amazon Linux 2 : cni-plugins (ALAS-2023-2192)

The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2192 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...

7.5CVSS6.9AI score0.04561EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.34 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2292)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

7.5CVSS6.9AI score0.04561EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 4:4 p.m.36 views

Security Bulletin: IBM Storage Protect server is vulnerable to a denial of service attack due to Golang Go (CVE-2022-41723)

Summary IBM Storage Protect Server component OSSM may be vulnerable in Golang Go, causing denial of service Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, ...

7.5CVSS7.5AI score0.04561EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.74 views

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory. This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19...

7.5CVSS6.7AI score0.04561EPSS
Exploits0References17
NVD
NVD
added 2023/02/28 6:15 p.m.25 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

7.5CVSS7.5AI score0.04561EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2023/02/28 5:19 p.m.9 views

CVE-2022-41723 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

6.9AI score0.04561EPSS
Exploits0References14
AlpineLinux
AlpineLinux
added 2023/02/28 5:19 p.m.74 views

CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

7.5CVSS7.8AI score0.04561EPSS
Exploits0
Veracode
Veracode
added 2023/02/26 12:22 p.m.37 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to Denial of Service DoS attacks. An attacker is able to cause excessive CPU consumption through the HPACK decoder via a small number of maliciously crafted HTTP/2 stream requests, resulting in an application crash...

7.5CVSS7.3AI score0.04561EPSS
Exploits0References18Affected Software2
OSV
OSV
added 2023/02/16 10:31 p.m.48 views

GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

7.5CVSS7.6AI score0.04561EPSS
Exploits0References4
CNVD
CNVD
added 2022/02/24 12:0 a.m.32 views

Envoy Resource Management Error Vulnerability (CNVD-2022-15542)

Envoy is an open source distributed proxy server. Envoy is vulnerable to a resource management error that occurs when configuring "envoyv3apifieldextensions.filters.network.tcpproxy.v3. tunnelingconfig" crashes and the downstream connection is disconnected while the upstream connection or http/2...

7.5CVSS2.7AI score0.01046EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/20 2:40 p.m.56 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2018-1283, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)

Summary There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2018-1283 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when modsession is configured with SessionEnv...

9.8CVSS0.4AI score0.86006EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/05/10 12:0 a.m.44 views

openSUSE Security Update : apache2 (openSUSE-2018-438)

This update for apache2 fixes the following issues : - CVE-2018-1283: when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a 'Session' header leading to unexpected behavior bsc1086814. -...

9.8CVSS6.5AI score0.86006EPSS
Exploits0References13
Amazon
Amazon
added 2018/05/03 12:0 a.m.66 views

Medium: httpd24

Issue Overview: Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...

9.8CVSS7.3AI score0.86006EPSS
Exploits0
ALT Linux
ALT Linux
added 2018/03/31 12:0 a.m.45 views

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in modcachesocache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...

6.8CVSS7.2AI score0.86006EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/03/26 3:49 p.m.30 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9CVSS2.9AI score0.13436EPSS
Exploits0References2
OSV
OSV
added 2018/03/26 3:29 p.m.25 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9CVSS6.8AI score
Exploits0References23
Debian CVE
Debian CVE
added 2018/03/26 3:0 p.m.40 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9CVSS6.7AI score0.13436EPSS
Exploits0
Rows per page
Query Builder