Lucene search
+L

73 matches found

osv
osv
added 2026/06/22 5:40 a.m.4 views

BIT-ENVOY-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS6AI score0.00815EPSS
Exploits1References11
osv
osv
added 2026/06/12 2:59 p.m.4 views

CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

6.9CVSS5.9AI score0.00302EPSS
Exploits0References6
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Apache2

Double-free operations and a potential RCE vulnerability exist in the Apache HTTP Server with the HTTP/2 protocol. This issue affects the Apache HTTP Server version 2.4.66. Users are recommended to upgrade to version 2.4.67, as this version fixes the vulnerability...

8.8CVSS5.7AI score0.4581EPSS
Exploits16References2
nvd
nvd
added 2026/05/13 4:16 p.m.21 views

CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS0.00339EPSS
Exploits1References1
githubexploit
githubexploit
added 2026/04/24 3:5 a.m.131 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

!/usr/bin/env python3 """ Evidencia CVE-2023-44487 HTTP/2 Rapi...

7.5CVSS5.9AI score0.99999EPSS
Exploits19
osv
osv
added 2026/04/12 8:16 p.m.8 views

DEBIAN-CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

7.5CVSS5.6AI score0.00236EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.21 views

PT-2026-27961

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier Mattermost versions 11.3.1 and earlier Mattermost versions 11.2.3 and earlier Mattermost versions 10.11.11 and earlier Description The software does not adequately limit the rate of login requests. This...

6.5CVSS5.9AI score0.60368EPSS
Exploits18References43
cnnvd
cnnvd
added 2026/03/11 12:0 a.m.7 views

Eugene AdGuard Home 授权问题漏洞

Eugene AdGuard Home is an open-source application developed by Eugene. It provides a full-network software solution for blocking advertisements and tracking. Versions of Eugene AdGuard Home prior to 0.107.73 had an authorization issue vulnerability. This vulnerability stemmed from an unverified...

9.8CVSS7.3AI score0.00735EPSS
Exploits2References1
nessus
nessus
added 2026/02/05 12:0 a.m.13 views

Debian dsa-6120 : libtomcat10-embed-java - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6120 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6120-1 [email protected]...

9.8CVSS6.9AI score0.66933EPSS
Exploits12References29
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : haproxy-1.8.23-3.el8 (AXSA:2020-267:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-267:02 advisory. haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated chunked value CVE-2019-18277 haproxy: HTTP/2...

9.8CVSS5.7AI score0.10024EPSS
Exploits1References3
osv
osv
added 2025/12/15 3:5 p.m.7 views

USN-7932-1 libsoup3 vulnerability

It was discovered libsoup incorrectly handled memory when handling specific HTTP/2 read and cancel sequences. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS5.8AI score0.00416EPSS
Exploits0References2
amazon
amazon
added 2025/12/08 12:0 a.m.8 views

Important: libsoup3

Issue Overview: A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could...

7.5CVSS6.2AI score0.00594EPSS
Exploits0
github
github
added 2025/09/17 8:46 p.m.13 views

Pingora update for MadeYouReset HTTP/2 vulnerability

Pingora deployments that include HTTP/2 server support may be affected by the vulnerability described in CVE-2025-8671. Under certain conditions, Pingora applications may allocate buffers before the HTTP/2 reset and resulting stream cancellation is processed by the server. Repeated resets can for...

7.5CVSS6.8AI score0.0351EPSS
Exploits3References3Affected Software1
amazon
amazon
added 2025/09/15 12:0 a.m.9 views

Medium: python-h2

Issue Overview: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to...

6.9CVSS6.8AI score0.01596EPSS
Exploits0
vulnrichment
vulnrichment
added 2025/09/02 1:37 p.m.9 views

CVE-2025-9784 Undertow: undertow madeyoureset http/2 ddos vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

7.5CVSS5.9AI score0.0217EPSS
Exploits1References17
nessus
nessus
added 2025/08/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-5168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different...

10CVSS8.1AI score0.02411EPSS
Exploits0References2
githubexploit
githubexploit
added 2025/08/21 9:20 p.m.269 views

Exploit for CVE-2025-8671

PoC-CVE-2025-8671-MadeYouReset-HTTP-2 PoC para validar vulnera...

7.5CVSS7.2AI score0.0351EPSS
Exploits3
cnvd
cnvd
added 2025/08/20 12:0 a.m.2 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...

7.5CVSS6.5AI score0.03514EPSS
Exploits0References1
nessus
nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-49630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References2
nessus
nessus
added 2025/08/13 12:0 a.m.13 views

Apache Tomcat 10.1.0.M1 < 10.1.44

The version of Tomcat installed on the remote host is prior to 10.1.44. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.44security-10 advisory. - Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically...

7.5CVSS7AI score0.03514EPSS
Exploits0References3
Rows per page
Query Builder