9 matches found
BIT-NODE-MIN-2026-21714
A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...
BIT-ENVOY-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...
USN-6026-1 vim vulnerabilities
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166) It was discovered that Vim was using freed memory when dealing...
SUSE CVE-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...
envoy: Resource exhaustion via HTTP/2 client requests with large payloads and improper stream windows
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...
envoy: Resource exhaustion via HTTP/2 client requests with large payloads and improper stream windows
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...
PT-2020-13163 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier. Description: The issue arises when an HTTP/2 client requests a large payload but fails to send sufficient window updates to consume the entire stream and does not reset the stream, leading to...
CVE-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream...
Excessive CPU usage in HTTP/2 with small window updates
Severity: medium. CVE-2019-9511. Not vulnerable: 1.17.3+, 1.16.1+. Vulnerable: 1.9.5-1.17.2...