Lucene search
K

187 matches found

OSV
OSV
added 2025/02/07 7:15 a.m.7 views

AZL-56476 CVE-2025-23085 affecting package nodejs18 for versions less than 18.20.3-3

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

5.3CVSS6.7AI score0.01327EPSS
Exploits0References1
OSV
OSV
added 2025/02/07 7:15 a.m.2 views

DEBIAN-CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

5.3CVSS6.5AI score0.01327EPSS
Exploits0References1
OSV
OSV
added 2025/02/07 7:15 a.m.3 views

UBUNTU-CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

5.3CVSS6.8AI score0.01327EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/12 12:49 p.m.5 views

tomcat: request smuggling

A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack...

7.5CVSS6.8AI score0.01448EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/04/12 12:30 p.m.6 views

tomcat: request smuggling

A flaw was found in Apache Tomcat. If the server is configured to ignore invalid HTTP headers, the server does not reject a request containing an invalid content-length header, making it vulnerable to a request smuggling attack...

7.5CVSS6.8AI score0.01448EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.5 views

SUSE CVE-2009-0033

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS4.8AI score0.10053EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.5 views

SUSE CVE-2018-19158

ColossusCoinXT through 1.0.5 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...

7.5CVSS7AI score0.02597EPSS
Exploits0References2
OSV
OSV
added 2022/11/01 9:15 a.m.1 views

DEBIAN-CVE-2022-42252

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

7.5CVSS6.9AI score0.01448EPSS
Exploits0References1
Veracode
Veracode
added 2022/08/21 2:52 a.m.19 views

Improper Input Validation

trafficserver is vulnerable to improper input validation. The vulnerability exists in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers...

7.5CVSS7.2AI score0.01849EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2022/08/18 3:12 p.m.4 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

6.5CVSS6.6AI score0.01113EPSS
Exploits1References6
CNVD
CNVD
added 2022/08/15 12:0 a.m.21 views

Apache Traffic Server Input Validation Error Vulnerability (CNVD-2023-03926)

Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server versions 8.0.0 through 9.1.2 are vulnerable to an input validation error, which could be exploited by an attacker to send invalid headers...

7.5CVSS2.1AI score0.01849EPSS
Exploits0References1
OSV
OSV
added 2022/08/10 8:15 p.m.2 views

UBUNTU-CVE-2022-1705

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

6.5CVSS6.7AI score0.01113EPSS
Exploits1References5
OSV
OSV
added 2022/08/10 6:15 a.m.1 views

DEBIAN-CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS7.3AI score0.01849EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/10 12:0 a.m.2 views

PT-2022-18829

Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions 8.0.0 through 9.1.2 Description The issue is related to improper input validation in HTTP/1.1 header parsing, allowing an attacker to send invalid headers. Recommendations For Apache Traffic Server versions 8.0.0...

7.5CVSS7.1AI score0.01849EPSS
Exploits0References16
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.5 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server versions 8.0.0 through 9.1.2 are vulnerable to an input validation error, which could be exploited by an attacker to send invalid headers...

7.5CVSS6.8AI score0.01849EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/08/01 4:7 p.m.5 views

golang: net/http: improper sanitization of Transfer-Encoding header

A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid...

6.5CVSS6.6AI score0.01113EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/05/21 12:0 a.m.6 views

PT-2022-20652 · Solana · Solana Rbpf

Name of the Vulnerable Software and Affected Versions: Solana solana rbpf versions prior to 0.2.29 Description: The issue is related to an addition integer overflow that can occur due to invalid ELF program headers. This can cause a panic in the elf.rs module when a malformed eBPF program is...

7.5CVSS7.4AI score0.01274EPSS
Exploits1References7
OSV
OSV
added 2022/05/02 3:12 a.m.33 views

GHSA-5CW4-GGX9-36VG Apache Tomcat Denial of Service via Malformed Request Headers

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS4.7AI score0.10053EPSS
Exploits1References45
Veracode
Veracode
added 2020/08/06 9:27 p.m.15 views

Denial Of Service (DoS)

php5 is vulnerable to denial of service DoS. The vulnerability exists as ColossusCoinXT through 1.0.5 a chain-based proof-of-stake cryptocurrency allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid...

7.5CVSS4.5AI score0.02597EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.10 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
Rows per page
Query Builder