2166 matches found

RedHat Linux
added 2022/02/21 9:04 a.m., 2 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5 | AI score 7.2 | EPSS 0.03772
Exploits: 0 | References: 5
RedHat Linux
added 2022/02/21 8:55 a.m., 4 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5 | AI score 7.2 | EPSS 0.03772
Exploits: 0 | References: 5
CNVD
added 2022/02/18 12:00 a.m., 63 views

Containous Traefik Trust Management Issue Vulnerability (CNVD-2022-13371)

Containous Traefik is a reverse proxy and load balancer from Containous, U.S. Containous Traefik is vulnerable to a trust management issue that stems from the fact that when a request is sent using an FQDN processed by a router configured with a dedicated TLS configuration, the TLS configuration...

CVSS 7.5 | AI score 1.7 | EPSS 0.01688
Exploits: 0 | References: 1
Snyk
added 2022/02/17 5:36 p.m., 2 views

Race Condition

Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Race Condition. Go Vulnerability Report: HTTP servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The...

CVSS 8.2 | AI score 6.7 | EPSS 0.02893
Exploits: 0 | References: 3
Snyk
added 2022/02/17 5:33 p.m., 2 views

Missing Authorization

Overview: std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to Missing Authorization. Go Vulnerability Report: ReverseProxy can be made to forward certain hop-by-hop headers, including Connection. If the target of the...

CVSS 6.9 | AI score 6.9 | EPSS 0.0226
Exploits: 1 | References: 3
Snyk
added 2022/02/17 5:32 p.m., 5 views

Race Condition

Overview: std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to Race Condition. Go Vulnerability Report: ReverseProxy can panic after encountering a problem copying a proxied response body. Remediation: Upgrade...

CVSS 8.2 | AI score 6.8 | EPSS 0.03128
Exploits: 0 | References: 3
NVD
added 2022/02/17 3:15 p.m., 48 views

CVE-2022-23632

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which...

CVSS 7.5 | EPSS 0.01688
Exploits: 0 | References: 4
Prion
added 2022/02/17 3:15 p.m., 27 views

Default configuration

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which...

CVSS 6.8 | AI score 7.9 | EPSS 0.01688
Exploits: 0 | References: 4 | Affected Software: 2
CVE
added 2022/02/17 2:55 p.m., 126 views

CVE-2022-23632

CVE-2022-23632 affects Traefik (HTTP reverse proxy/load balancer). Prior to v2.6.1, when the host header is an FQDN, the router's TLS configuration can be ignored and a different TLS setup may be applied, potentially using the default TLS configuration instead of the configured one. If CNAME flat...

CVSS 7.5 | AI score 7.5 | EPSS 0.01688
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/02/17 2:55 p.m., 18 views

CVE-2022-23632 Traefik skips the router TLS configuration when the host header is an FQDN

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which...

CVSS 7.4 | AI score 8.1 | EPSS 0.01688
Exploits: 0 | References: 6
NVD
added 2022/02/15 4:15 p.m., 22 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | EPSS 0.05994
Exploits: 0 | References: 22
Prion
added 2022/02/15 4:15 p.m., 30 views

Design/Logic Flaw

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 5 | AI score 8.5 | EPSS 0.05994
Exploits: 0 | References: 22 | Affected Software: 3
UbuntuCve
added 2022/02/15 4:15 p.m., 57 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 6.8 | EPSS 0.05994
Exploits: 0 | References: 5
OSV
added 2022/02/15 1:57 a.m., 29 views

GHSA-VX57-7F4Q-FPC7 Arbitrary redirects under /new endpoint

Impact: In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL under the /new endpoint that redirects to any other URL. If a user visits a...

CVSS 6.1 | AI score 6.4 | EPSS 0.1956
Exploits: 0 | References: 4
Cvelist
added 2022/02/15 12:00 a.m., 31 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 8.9 | EPSS 0.05994
Exploits: 0 | References: 22
OSV
added 2022/02/15 12:00 a.m., 31 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 7.5 | EPSS 0.05994
Exploits: 0 | References: 24
AlpineLinux
added 2022/02/15 12:00 a.m., 36 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 9.7 | EPSS 0.05994
Exploits: 0
Debian CVE
added 2022/02/15 12:00 a.m., 52 views

CVE-2022-21698

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 8.6 | EPSS 0.05994
Exploits: 0
NVD
added 2022/02/01 1:15 p.m., 19 views

CVE-2021-43848

h2o is an open source HTTP server. In code prior to the 8c0eca3 commit, h2o may attempt to access uninitialized memory. When receiving QUIC frames in a certain order, the HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 7.4 | EPSS 0.02667
Exploits: 1 | References: 2
Prion
added 2022/02/01 1:15 p.m., 13 views

Design/Logic Flaw

h2o is an open source HTTP server. In code prior to the 8c0eca3 commit, h2o may attempt to access uninitialized memory. When receiving QUIC frames in a certain order, the HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 4.3 | AI score 5.7 | EPSS 0.02667
Exploits: 1 | References: 2 | Affected Software: 1