Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
network level service vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-45142
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious req...
Opentelemetry Opentelemetry
7.5
CVSSv3
CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the malici...
Golang Http2
Golang Go
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Netapp Astra Trident -
Netapp Astra Trident Autosupport -
2 Github repositories
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
7.8
CVSSv3
CVE-2023-20216
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local malicious user to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. A...
Cisco Broadworks Application Server
Cisco Broadworks Application Delivery Platform
Cisco Broadworks Network Server
Cisco Broadworks Profile Server
Cisco Broadworks Xtended Services Platform
Cisco Broadworks Troubleshooting Server
Cisco Broadworks Network Function Manager
Cisco Broadworks Network Database Server
Cisco Broadworks Execution Server
Cisco Broadworks Database Server
Cisco Broadworks Service Control Function Server
Cisco Broadworks Media Server
6.1
CVSSv3
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Golang Networking
1 Github repository
5.3
CVSSv3
CVE-2023-29409
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are c...
Golang Go 1.21.0
Golang Go
1 Github repository
4.4
CVSSv3
CVE-2022-21595
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
Oracle Mysql
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Mariadb Mariadb
4.7
CVSSv3
CVE-2022-3303
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, ...
Linux Linux Kernel 6.0
Linux Linux Kernel
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.8
CVSSv3
CVE-2022-3176
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle...
Linux Linux Kernel
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2022-2905
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
Linux Linux Kernel 6.0
Linux Linux Kernel
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »