A vulnerability was found in Hyper CdCatalog 2.3.1 and has been classified as problematic. It affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. The attack has to be carried out locally. The exploit has been disclosed to the public and may be...
CVSS 3.3, AI Score 4.2, EPSS 0.0004
An issue in Hyper on macOS version 3.4.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments...
CVSS 9.8, AI Score 9.5, EPSS 0.003
An issue was discovered in hyper v0.13.7. In h2-0.2.4, stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, memory and CPU usage are high, which can lead to a Denial of Service...
CVSS 7.5, AI Score 7.3, EPSS 0.001
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...
CVSS 7.5, AI Score 7.3, EPSS 0.001
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2...
CVSS 7.5, AI Score 7.4, EPSS 0.001
hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...
CVSS 9.1, AI Score 9.2, EPSS 0.001
hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
CVSS 5.3, AI Score 5.2, EPSS 0.001
hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...
CVSS 8.1, AI Score 7.9, EPSS 0.003
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback...
CVSS 9.8, AI Score 9.6, EPSS 0.006
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating...
CVSS 9.8, AI Score 9.3, EPSS 0.002
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite...
CVSS 7.5, AI Score 7.4, EPSS 0.002
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in...
CVSS 5.3, AI Score 5.2, EPSS 0.001
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was...
CVSS 4.8, AI Score 4.9, EPSS 0.001
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for...
CVSS 5.3, AI Score 5.2, EPSS 0.001
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to...
CVSS 7.8, AI Score 7.5, EPSS 0.0004
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown...
AI Score 5.9, EPSS 0.004
Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown...
AI Score 6.9, EPSS 0.012
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode...
AI Score 6.9, EPSS 0.03