Lucene search
K

12 matches found

OSV
OSV
added last week2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
OSV
OSV
added 2026/03/12 8:57 p.m.8 views

GO-2026-4684 Traefik: HTTP/2 frames can cause a running server to panic in github.com/traefik/traefik

Traefik: HTTP/2 frames can cause a running server to panic in github.com/traefik/traefik...

5.8AI score
Exploits0References3
NVD
NVD
added 2025/10/21 8:20 p.m.5 views

CVE-2025-61752

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server...

7.5CVSS0.00363EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.2 views

SUSE SLES15: tomcat10 / tomcat10-admin-webapps / tomcat10-doc / etc (SUSE-SU-2025:02978-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02978-1 advisory. Updated to Tomcat 10.1.43i: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configuration...

7.5CVSS7.3AI score0.03163EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/07/25 3:4 p.m.2 views

jetty: stop accepting new connections from valid clients

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

7.5CVSS7AI score0.01433EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/26 4:36 a.m.3 views

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service DoS attack...

7.5CVSS7.2AI score0.91969EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/04/22 8:41 a.m.4 views

Mozilla: Denial of Service using HTTP/2 CONTINUATION frames

The Mozilla Foundation Security Advisory describes this flaw as: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser...

3.7CVSS7.3AI score0.00759EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/07/28 12:0 a.m.5 views

The vulnerability of the Envoy proxy server, related to errors in processing mixed-case schemes in HTTP/2, allows attackers to gain access to protected data.

The vulnerability of the Envoy proxy server is related to errors in the processing of mixed-case schemes in HTTP/2. Exploiting this vulnerability can allow a remote attacker to gain access to protected data...

8.5CVSS6.7AI score0.00598EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.10 views

http2-server: Invalid HTTP/2 requests cause DoS

A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests...

7.5CVSS7.1AI score0.0227EPSS
Exploits0References5
OSV
OSV
added 2020/12/03 7:15 p.m.5 views

AZL-7384 CVE-2020-17527 affecting package tomcat 9.0.39-6

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...

7.5CVSS6.7AI score0.24622EPSS
Exploits0References1
OSV
OSV
added 2020/04/07 12:10 p.m.3 views

USN-4321-1 haproxy vulnerability

Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code...

8.8CVSS7.2AI score0.60727EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/03/05 12:53 p.m.2 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
Rows per page
Query Builder