CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1391 matches found

OSV•added 2023/01/14 12:30 a.m.•34 views

GHSA-FXG5-WQ6X-VR4W golang.org/x/net/http2/h2c vulnerable to request smuggling attack

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...

7.5CVSS7.5AI score0.00074EPSS

Exploits1References7

Github Security Blog•added 2023/01/14 12:30 a.m.•68 views

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

7.5CVSS7.5AI score0.00074EPSS

Exploits1References7Affected Software1

GitLab Advisory Database•added 2023/01/14 12:0 a.m.•38 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

7.5CVSS0.7AI score0.00074EPSS

Exploits1References5Affected Software1

GitLab Advisory Database•added 2023/01/14 12:0 a.m.•41 views

golang.org/x/net/http2/h2c vulnerable to request smuggling attack

7.5CVSS0.9AI score0.00074EPSS

Exploits1References5Affected Software1

OSV•added 2023/01/13 11:15 p.m.•4 views

CVE-2022-41721

7.5CVSS7.3AI score

Exploits0References5

NVD•added 2023/01/13 11:15 p.m.•23 views

CVE-2022-41721

7.5CVSS7.4AI score0.00074EPSS

Exploits1References5

Prion•added 2023/01/13 11:15 p.m.•20 views

Design/Logic Flaw

5CVSS7.3AI score0.00074EPSS

Exploits1References4Affected Software1

UbuntuCve•added 2023/01/13 11:15 p.m.•46 views

CVE-2022-41721

7.5CVSS6.9AI score0.00074EPSS

Exploits1References4

CVE•added 2023/01/13 10:46 p.m.•498 views

CVE-2022-41721

CVE-2022-41721 describes a request-smuggling issue in Go’s HTTP/2 handling via the MaxBytesHandler. When the handler does not fully consume the request body, the server may read HTTP/2 frames from the body stream instead of the network, allowing an attacker to craft body content that represents a...

7.5CVSS7.5AI score0.00074EPSS

Exploits1References5Affected Software1

Debian CVE•added 2023/01/13 10:46 p.m.•43 views

CVE-2022-41721

7.5CVSS6.7AI score0.00074EPSS

Exploits1

Vulnrichment•added 2023/01/13 10:46 p.m.•5 views

CVE-2022-41721 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

7.6AI score0.00074EPSS

Exploits1References5

OSV•added 2023/01/13 10:39 p.m.•80 views

GO-2023-1495 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c

7.5CVSS7.5AI score0.00074EPSS

Exploits1References2

OSV•added 2023/01/13 11:4 a.m.•1 views

OESA-2023-1031 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

7.5CVSS8.9AI score0.01047EPSS

Exploits0References3

Positive Technologies•added 2023/01/11 12:0 a.m.•44 views

PT-2023-5866

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...

7.8CVSS8.5AI score0.94395EPSS

Exploits19

OSV•added 2022/12/08 8:15 p.m.•2 views

AZL-44487 CVE-2022-41717 affecting package podman for versions less than 5.6.1-2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.00331EPSS

Exploits0References1

vulnersOsv•added 2022/12/05 2:44 p.m.•2 views

grunt-yellowlabtools (>=0.0.1 <=1.2.1), install-is (>=1.4.0 <=1.4.2) +3 more potentially affected by CVE-2022-25906 via is-http2 (>=1.0.4 <=1.2.0)

is-http2 NPM version =1.0.4, =0.0.1, =1.4.0, =1.0.0, =1.10.0, =1.13.4 Source cves: CVE-2022-25906 Source advisory: SNYK:JS-ISHTTP2-3153878...

7.8CVSS7.1AI score0.00362EPSS

Exploits1

Snyk•added 2022/12/05 2:44 p.m.•2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. PoC javascript var root = require"is-http2" root"./",openssl:"touch JHU" Remediation There is no fixed version for...

7.8CVSS7.3AI score0.00362EPSS

Exploits1References2

RedHat Linux•added 2022/11/28 2:39 p.m.•72 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update

A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

9.8CVSS7.1AI score0.94251EPSS

Exploits55References18

CNNVD•added 2022/11/09 12:0 a.m.•2 views

Varnish Cache 安全漏洞

Varnish Cache is a set of reverse web caching servers. A security vulnerability exists in Varnish Cache version 5.x, version 6.x up to and including version 6.0.11, version 7.x up to and including version 7.1.2, and version 7.2.x up to and including version 7.2.1. An attacker exploits this...

7.5CVSS7.4AI score0.00833EPSS

Exploits0References15

Snyk•added 2022/11/03 2:0 p.m.•2 views

Denial of Service (DoS)

Overview apple/swift-nio-http2 is a HTTP/2 support for SwiftNIO. Affected versions of this package are vulnerable to Denial of Service DoS on HTTP/2 servers. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

7.8CVSS9.1AI score0.50822EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by