Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
h2o vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-4864
H2O versions 2.0.3 and previous versions and 2.1.0-beta2 and previous versions allows remote malicious users to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
Dena H2o
Dena H2o 2.1.0
481
VMScore
CVE-2014-6905
The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
H2o Human Harmony Organization Project H2o Human Harmony Organization 1.6.5
383
VMScore
CVE-2021-43848
h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have...
Dena H2o
1 Github repository
445
VMScore
CVE-2016-4817
lib/http2/connection.c in H2O prior to 1.7.3 and 2.x prior to 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote malicious users to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.
Dena H2o
445
VMScore
CVE-2017-10908
H2O version 2.2.3 and previous versions allows remote malicious users to cause a denial of service in the server via specially crafted HTTP/2 header.
Dena H2o
445
VMScore
CVE-2017-10869
Buffer overflow in H2O version 2.2.2 and previous versions allows remote malicious users to cause a denial-of-service in the server via unspecified vectors.
Dena H2o
356
VMScore
CVE-2017-10872
H2O version 2.2.3 and previous versions allows remote malicious users to cause a denial of service in the server via unspecified vectors.
Dena H2o
668
VMScore
CVE-2018-0608
Buffer overflow in H2O version 2.2.4 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.
Dena H2o
445
VMScore
CVE-2017-10868
H2O version 2.2.2 and previous versions allows remote malicious users to cause a denial of service in the server via specially crafted HTTP/1 header.
Dena H2o
NA
CVE-2024-1456
An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »