4432 matches found

Redos
added 2022/02/01 12:0 a.m. | 53 views

ROS-20220125-11

A vulnerability in the Http2MultiplexHandler class of the Netty networking software is related to incorrect request processing when converting HTTP/2 stream to HTTP/1.1. The exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity. an attacker acting...

CVSS 5.9 | AI score 6.8 | EPSS 0.18891
Exploits 0

OpenVAS
added 2022/01/28 12:0 a.m. | 33 views

Mageia: Security Advisory (MGASA-2018-0459)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2 | AI score 7.1 | EPSS 0.47057
Exploits 1 | References 3

OpenVAS
added 2022/01/28 12:0 a.m. | 20 views

Mageia: Security Advisory (MGASA-2021-0387)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.8 | EPSS 0.01599
Exploits 0 | References 5

OpenVAS
added 2022/01/28 12:0 a.m. | 36 views

Mageia: Security Advisory (MGASA-2019-0260)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.3 | EPSS 0.72988
Exploits 3 | References 7

OpenVAS
added 2022/01/28 12:0 a.m. | 25 views

Mageia: Security Advisory (MGASA-2018-0110)

The remote host is missing an update for the...

CVSS 9.1 | AI score 9.3 | EPSS 0.04642
Exploits 0 | References 5

OpenVAS
added 2022/01/28 12:0 a.m. | 21 views

Mageia: Security Advisory (MGASA-2020-0397)

The remote host is missing an update for the...

CVSS 4.3 | AI score 5.3 | EPSS 0.57286
Exploits 0 | References 4

OpenVAS
added 2022/01/28 12:0 a.m. | 49 views

Mageia: Security Advisory (MGASA-2020-0331)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.1 | EPSS 0.87553
Exploits 1 | References 5

OpenVAS
added 2022/01/28 12:0 a.m. | 45 views

Mageia: Security Advisory (MGASA-2021-0439)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.3 | EPSS 0.99999
Exploits 6 | References 8

OpenVAS
added 2022/01/28 12:0 a.m. | 25 views

Mageia: Security Advisory (MGASA-2019-0251)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.1 | EPSS 0.83433
Exploits 2 | References 4

NVD
added 2022/01/25 8:15 p.m. | 14 views

CVE-2022-23012

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 7.5 | EPSS 0.0092
Exploits 0 | References 1

Prion
added 2022/01/25 8:15 p.m. | 11 views

Code injection

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS 7.1 | AI score 7.4 | EPSS 0.0092
Exploits 0 | References 1 | Affected Software 11

Cvelist
added 2022/01/25 7:11 p.m. | 19 views

CVE-2022-23012

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

AI score 7.7 | EPSS 0.0092
Exploits 0 | References 1

CVE
added 2022/01/25 7:11 p.m. | 90 views

CVE-2022-23012

CVE-2022-23012 affects BIG-IP with HTTP/2 profile configured on a virtual server. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, resulting in DoS due to TMM restart. Affected branches include BIG-IP 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5; fixed in...

CVSS 7.5 | AI score 7.5 | EPSS 0.0092
Exploits 0 | References 1 | Affected Software 11

Kitploit
added 2022/01/24 8:30 p.m. | 41 views

Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion

This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 - HTTP/1.1 conversion by the frontend server. The scheme is as follows: 1. An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. 2. The request is presumably...

AI score 6.9
Exploits 0 | References 1

Tenable Nessus
added 2022/01/19 12:0 a.m. | 16 views

F5 Networks BIG-IP : HTTP/2 profile vulnerability (K26310765)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.5 / 15.1.4.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K26310765 advisory. - On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is...

CVSS 7.5 | AI score 7.4 | EPSS 0.0092
Exploits 0 | References 2

RedHat Linux
added 2022/01/17 12:2 p.m. | 59 views

Moderate: Red Hat Security Advisory: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base

This advisory resolves CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2 code base. NOTE: This advisory is informational only. There are no code changes associated with it. No action is required. Red Hat Product Securi...

CVSS 7.8 | AI score 6.7 | EPSS 0.10448
Exploits 0 | References 10

RedhatCVE
added 2022/01/13 6:47 a.m. | 30 views

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVSS 9.8 | AI score 2.2 | EPSS 0.02149
Exploits 0 | References 3

RedhatCVE
added 2022/01/13 6:33 a.m. | 44 views

CVE-2018-14645

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. Mitigation HTTP/2 support is disabled by default on OpenShift Container Platform 3.11. To mitigate this...

CVSS 7.5 | AI score 1.2 | EPSS 0.03009
Exploits 0 | References 2

Github Security Blog
added 2022/01/12 10:33 p.m. | 77 views

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

Impact The net/http Go package has a reported vulnerability tracked under CVE-2021-44716 which allows attacker controlled HTTP/2 requests to trigger unbounded memory usage in HTTP/2 endpoints. gRPC endpoints are not vulnerable as they rely on their own HTTP/2 implementation instead of the net/htt...

CVSS 7.5 | AI score 0.1 | EPSS 0.03958
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/01/12 10:33 p.m. | 56 views

GHSA-M7VP-HQWV-7M5X Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints

Impact The net/http Go package has a reported vulnerability tracked under CVE-2021-44716 which allows attacker controlled HTTP/2 requests to trigger unbounded memory usage in HTTP/2 endpoints. gRPC endpoints are not vulnerable as they rely on their own HTTP/2 implementation instead of the net/htt...

AI score 6.5
Exploits 0 | References 1