Lucene search
K

69 matches found

Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-33367

Name of the Vulnerable Software and Affected Versions spdystream versions prior to 0.5.1 Description The SPDY/3 frame parser fails to validate attacker-controlled counts and lengths before allocating memory. This occurs in three allocation paths: the SETTINGS frame entry count, the header count i...

8.7CVSS5.8AI score0.00656EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/08/20 3:41 p.m.3 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:37 p.m.3 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:36 p.m.3 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:36 p.m.3 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/30 3:51 p.m.2 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/28 1:56 p.m.4 views

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

7.5CVSS7.1AI score0.01898EPSS
Exploits0References5
OSV
OSV
added 2025/07/10 8:15 p.m.2 views

DEBIAN-CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

7.5CVSS8.5AI score0.01898EPSS
Exploits0References1
OSV
OSV
added 2024/12/16 2:7 p.m.21 views

BIT-NODE-MIN-2020-11080 Denial of service in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

7.5CVSS6.3AI score0.05316EPSS
Exploits0References15
OSV
OSV
added 2024/03/06 11:8 a.m.29 views

BIT-NODE-2020-11080 Denial of service in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

7.5CVSS6.3AI score0.05316EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.33 views

Rocky Linux 8 : nodejs:10 (RLSA-2020:2848)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2848 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...

9.3CVSS7.5AI score0.07646EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2023/06/06 12:0 a.m.31 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : nghttp2 vulnerability (USN-6142-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6142-1 advisory. Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

7.5CVSS6.9AI score0.05316EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/10/17 12:0 a.m.33 views

Debian DLA-2786-1 : nghttp2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2786 advisory. - nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial ...

7.5CVSS7AI score0.10782EPSS
Exploits0References7
OSV
OSV
added 2021/09/09 10:15 p.m.20 views

CVE-2021-39162

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary...

8.6CVSS8.4AI score
Exploits0References3
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.6 views

Caleb Doxsey pomerium 代码问题漏洞

Caleb Doxsey pomerium is a Caleb Doxsey open source application. An identity agent that allows secure access to internal applications. A code issue vulnerability exists in Pomerium that stems from the fact that the Envoy on which Pomerium is based may terminate abnormally if an H/2 GOAWAY and...

8.6CVSS8AI score0.01638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/08/24 12:0 a.m.2 views

PT-2021-19926 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.18.4 Envoy versions prior to 1.19.1 Description: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions, Envoy transitions a H/2 connecti...

8.6CVSS7.4AI score0.0123EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.35 views

SUSE: Security Advisory (SUSE-SU-2021:0931-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.05316EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.16 views

openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2021:0468-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.8AI score0.05316EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/03/26 12:0 a.m.57 views

SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2021:0931-1)

This update for nghttp2 fixes the following issues : CVE-2020-11080: HTTP/2 Large Settings Frame DoS bsc1181358 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as...

7.5CVSS6.8AI score0.05316EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2021/03/25 12:0 a.m.42 views

Security update for nghttp2 (important)

openSUSE Security Update: Security update for nghttp2 Announcement ID: openSUSE-SU-2021:0468-1 Rating: important References: 1172442 1181358 Cross-References: CVE-2020-11080 CVSS scores: CVE-2020-11080 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11080 SUSE: 7.5...

7.5CVSS6.6AI score0.05316EPSS
Exploits0References2
Rows per page
Query Builder