Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
Typedeb
Namespacedebian
Nameh2o
Version2.2.5+dfsg2-6
Qualifiers
distro bullseye
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.2.5+dfsg2-7
Latest_non_vulnerable_version2.2.5+dfsg2-7
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6du6-57uz-yqaq
vulnerability_id VCID-6du6-57uz-yqaq
summary H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10868
reference_id
reference_type
scores
0
value 0.01218
scoring_system epss
scoring_elements 0.79071
published_at 2026-04-21T12:55:00Z
1
value 0.01218
scoring_system epss
scoring_elements 0.79075
published_at 2026-04-16T12:55:00Z
2
value 0.01218
scoring_system epss
scoring_elements 0.79
published_at 2026-04-01T12:55:00Z
3
value 0.01218
scoring_system epss
scoring_elements 0.79006
published_at 2026-04-02T12:55:00Z
4
value 0.01218
scoring_system epss
scoring_elements 0.79033
published_at 2026-04-04T12:55:00Z
5
value 0.01218
scoring_system epss
scoring_elements 0.79017
published_at 2026-04-07T12:55:00Z
6
value 0.01218
scoring_system epss
scoring_elements 0.79041
published_at 2026-04-08T12:55:00Z
7
value 0.01218
scoring_system epss
scoring_elements 0.79048
published_at 2026-04-09T12:55:00Z
8
value 0.01218
scoring_system epss
scoring_elements 0.79072
published_at 2026-04-18T12:55:00Z
9
value 0.01218
scoring_system epss
scoring_elements 0.79057
published_at 2026-04-12T12:55:00Z
10
value 0.01218
scoring_system epss
scoring_elements 0.79047
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10868
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10868
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10868
2
reference_url https://github.com/h2o/h2o/issues/1459
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/1459
3
reference_url https://jvn.jp/en/jp/JVN84182676/index.html
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN84182676/index.html
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10868
reference_id CVE-2017-10868
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-10868
fixed_packages
0
url pkg:deb/debian/h2o@2.2.3%2Bdfsg-1?distro=bullseye
purl pkg:deb/debian/h2o@2.2.3%2Bdfsg-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.3%252Bdfsg-1%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2017-10868
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6du6-57uz-yqaq
1
url VCID-a87p-5cc2-c7g4
vulnerability_id VCID-a87p-5cc2-c7g4
summary Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5638
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47388
published_at 2026-04-01T12:55:00Z
1
value 0.00242
scoring_system epss
scoring_elements 0.47421
published_at 2026-04-02T12:55:00Z
2
value 0.00242
scoring_system epss
scoring_elements 0.47442
published_at 2026-04-12T12:55:00Z
3
value 0.00242
scoring_system epss
scoring_elements 0.47392
published_at 2026-04-07T12:55:00Z
4
value 0.00242
scoring_system epss
scoring_elements 0.47447
published_at 2026-04-08T12:55:00Z
5
value 0.00242
scoring_system epss
scoring_elements 0.47444
published_at 2026-04-09T12:55:00Z
6
value 0.00242
scoring_system epss
scoring_elements 0.47467
published_at 2026-04-11T12:55:00Z
7
value 0.00242
scoring_system epss
scoring_elements 0.47448
published_at 2026-04-13T12:55:00Z
8
value 0.00242
scoring_system epss
scoring_elements 0.47508
published_at 2026-04-16T12:55:00Z
9
value 0.00242
scoring_system epss
scoring_elements 0.475
published_at 2026-04-18T12:55:00Z
10
value 0.00242
scoring_system epss
scoring_elements 0.47451
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5638
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2015-5638
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a87p-5cc2-c7g4
2
url VCID-aqt5-2ffy-9bgs
vulnerability_id VCID-aqt5-2ffy-9bgs
summary HTTP/2: flood using SETTINGS frames results in unbounded memory growth
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9515
reference_id
reference_type
scores
0
value 0.09046
scoring_system epss
scoring_elements 0.92655
published_at 2026-04-21T12:55:00Z
1
value 0.09046
scoring_system epss
scoring_elements 0.92639
published_at 2026-04-13T12:55:00Z
2
value 0.09046
scoring_system epss
scoring_elements 0.9264
published_at 2026-04-12T12:55:00Z
3
value 0.09046
scoring_system epss
scoring_elements 0.92652
published_at 2026-04-18T12:55:00Z
4
value 0.09046
scoring_system epss
scoring_elements 0.92618
published_at 2026-04-07T12:55:00Z
5
value 0.09046
scoring_system epss
scoring_elements 0.92629
published_at 2026-04-08T12:55:00Z
6
value 0.09046
scoring_system epss
scoring_elements 0.92635
published_at 2026-04-09T12:55:00Z
7
value 0.10394
scoring_system epss
scoring_elements 0.93194
published_at 2026-04-02T12:55:00Z
8
value 0.10394
scoring_system epss
scoring_elements 0.93185
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9515
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1735745
reference_id 1735745
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1735745
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
reference_id 934886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
reference_id 934887
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
11
reference_url https://access.redhat.com/errata/RHSA-2020:0922
reference_id RHSA-2020:0922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0922
12
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
13
reference_url https://access.redhat.com/errata/RHSA-2020:1445
reference_id RHSA-2020:1445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1445
14
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
15
reference_url https://access.redhat.com/errata/RHSA-2020:2565
reference_id RHSA-2020:2565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2565
16
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
17
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
18
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
19
reference_url https://usn.ubuntu.com/USN-4866-1/
reference_id USN-USN-4866-1
reference_type
scores
url https://usn.ubuntu.com/USN-4866-1/
fixed_packages
0
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-3%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2019-9515
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqt5-2ffy-9bgs
3
url VCID-bja7-a3uf-zqer
vulnerability_id VCID-bja7-a3uf-zqer
summary h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43848
reference_id
reference_type
scores
0
value 0.133
scoring_system epss
scoring_elements 0.94189
published_at 2026-04-21T12:55:00Z
1
value 0.133
scoring_system epss
scoring_elements 0.94136
published_at 2026-04-02T12:55:00Z
2
value 0.133
scoring_system epss
scoring_elements 0.94168
published_at 2026-04-11T12:55:00Z
3
value 0.133
scoring_system epss
scoring_elements 0.94169
published_at 2026-04-13T12:55:00Z
4
value 0.133
scoring_system epss
scoring_elements 0.94184
published_at 2026-04-16T12:55:00Z
5
value 0.133
scoring_system epss
scoring_elements 0.94126
published_at 2026-04-01T12:55:00Z
6
value 0.133
scoring_system epss
scoring_elements 0.94147
published_at 2026-04-04T12:55:00Z
7
value 0.133
scoring_system epss
scoring_elements 0.9415
published_at 2026-04-07T12:55:00Z
8
value 0.133
scoring_system epss
scoring_elements 0.94159
published_at 2026-04-08T12:55:00Z
9
value 0.133
scoring_system epss
scoring_elements 0.94163
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43848
1
reference_url https://github.com/h2o/h2o/commit/8c0eca3
reference_id 8c0eca3
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:27Z/
url https://github.com/h2o/h2o/commit/8c0eca3
2
reference_url https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4
reference_id GHSA-f9xw-j925-m4m4
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:27Z/
url https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2021-43848
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bja7-a3uf-zqer
4
url VCID-chev-s1fh-8bhy
vulnerability_id VCID-chev-s1fh-8bhy
summary Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10869
reference_id
reference_type
scores
0
value 0.01867
scoring_system epss
scoring_elements 0.83121
published_at 2026-04-21T12:55:00Z
1
value 0.01867
scoring_system epss
scoring_elements 0.83119
published_at 2026-04-18T12:55:00Z
2
value 0.01867
scoring_system epss
scoring_elements 0.83015
published_at 2026-04-01T12:55:00Z
3
value 0.01867
scoring_system epss
scoring_elements 0.83031
published_at 2026-04-02T12:55:00Z
4
value 0.01867
scoring_system epss
scoring_elements 0.83045
published_at 2026-04-04T12:55:00Z
5
value 0.01867
scoring_system epss
scoring_elements 0.83043
published_at 2026-04-07T12:55:00Z
6
value 0.01867
scoring_system epss
scoring_elements 0.83067
published_at 2026-04-08T12:55:00Z
7
value 0.01867
scoring_system epss
scoring_elements 0.83075
published_at 2026-04-09T12:55:00Z
8
value 0.01867
scoring_system epss
scoring_elements 0.8309
published_at 2026-04-11T12:55:00Z
9
value 0.01867
scoring_system epss
scoring_elements 0.83084
published_at 2026-04-12T12:55:00Z
10
value 0.01867
scoring_system epss
scoring_elements 0.8308
published_at 2026-04-13T12:55:00Z
11
value 0.01867
scoring_system epss
scoring_elements 0.83118
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10869
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10869
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10869
2
reference_url https://github.com/h2o/h2o/issues/1460
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/1460
3
reference_url https://jvn.jp/en/jp/JVN84182676/index.html
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN84182676/index.html
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10869
reference_id CVE-2017-10869
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-10869
fixed_packages
0
url pkg:deb/debian/h2o@2.2.3%2Bdfsg-1?distro=bullseye
purl pkg:deb/debian/h2o@2.2.3%2Bdfsg-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.3%252Bdfsg-1%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2017-10869
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chev-s1fh-8bhy
5
url VCID-e3m7-psun-vfby
vulnerability_id VCID-e3m7-psun-vfby
summary h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50247
reference_id
reference_type
scores
0
value 0.00562
scoring_system epss
scoring_elements 0.68283
published_at 2026-04-02T12:55:00Z
1
value 0.00562
scoring_system epss
scoring_elements 0.68303
published_at 2026-04-04T12:55:00Z
2
value 0.00562
scoring_system epss
scoring_elements 0.6828
published_at 2026-04-07T12:55:00Z
3
value 0.00562
scoring_system epss
scoring_elements 0.68331
published_at 2026-04-08T12:55:00Z
4
value 0.00562
scoring_system epss
scoring_elements 0.68347
published_at 2026-04-09T12:55:00Z
5
value 0.00562
scoring_system epss
scoring_elements 0.68373
published_at 2026-04-11T12:55:00Z
6
value 0.00562
scoring_system epss
scoring_elements 0.6836
published_at 2026-04-12T12:55:00Z
7
value 0.00562
scoring_system epss
scoring_elements 0.68328
published_at 2026-04-13T12:55:00Z
8
value 0.00562
scoring_system epss
scoring_elements 0.68367
published_at 2026-04-16T12:55:00Z
9
value 0.00562
scoring_system epss
scoring_elements 0.6838
published_at 2026-04-18T12:55:00Z
10
value 0.00562
scoring_system epss
scoring_elements 0.68359
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50247
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2023-50247
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3m7-psun-vfby
6
url VCID-gwvf-vrtr-v3dk
vulnerability_id VCID-gwvf-vrtr-v3dk
summary Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7835
reference_id
reference_type
scores
0
value 0.03157
scoring_system epss
scoring_elements 0.86854
published_at 2026-04-01T12:55:00Z
1
value 0.03157
scoring_system epss
scoring_elements 0.86865
published_at 2026-04-02T12:55:00Z
2
value 0.03157
scoring_system epss
scoring_elements 0.86884
published_at 2026-04-04T12:55:00Z
3
value 0.03157
scoring_system epss
scoring_elements 0.86878
published_at 2026-04-07T12:55:00Z
4
value 0.03157
scoring_system epss
scoring_elements 0.86898
published_at 2026-04-08T12:55:00Z
5
value 0.03157
scoring_system epss
scoring_elements 0.86906
published_at 2026-04-09T12:55:00Z
6
value 0.03157
scoring_system epss
scoring_elements 0.86919
published_at 2026-04-11T12:55:00Z
7
value 0.03157
scoring_system epss
scoring_elements 0.86915
published_at 2026-04-12T12:55:00Z
8
value 0.03157
scoring_system epss
scoring_elements 0.86909
published_at 2026-04-13T12:55:00Z
9
value 0.03157
scoring_system epss
scoring_elements 0.86926
published_at 2026-04-16T12:55:00Z
10
value 0.03157
scoring_system epss
scoring_elements 0.86931
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7835
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2016-7835
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwvf-vrtr-v3dk
7
url VCID-hbte-dsw2-y7ad
vulnerability_id VCID-hbte-dsw2-y7ad
summary 
golang.org/x/net/http vulnerable to ping floods
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

### Specific Go Packages Affected
golang.org/x/net/http2
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
6
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
7
reference_url https://access.redhat.com/errata/RHSA-2019:2594
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2594
8
reference_url https://access.redhat.com/errata/RHSA-2019:2661
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2661
9
reference_url https://access.redhat.com/errata/RHSA-2019:2682
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2682
10
reference_url https://access.redhat.com/errata/RHSA-2019:2690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2690
11
reference_url https://access.redhat.com/errata/RHSA-2019:2726
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2726
12
reference_url https://access.redhat.com/errata/RHSA-2019:2766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2766
13
reference_url https://access.redhat.com/errata/RHSA-2019:2769
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2769
14
reference_url https://access.redhat.com/errata/RHSA-2019:2796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2796
15
reference_url https://access.redhat.com/errata/RHSA-2019:2861
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2861
16
reference_url https://access.redhat.com/errata/RHSA-2019:2925
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2925
17
reference_url https://access.redhat.com/errata/RHSA-2019:2939
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2939
18
reference_url https://access.redhat.com/errata/RHSA-2019:2955
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2955
19
reference_url https://access.redhat.com/errata/RHSA-2019:2966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2966
20
reference_url https://access.redhat.com/errata/RHSA-2019:3131
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3131
21
reference_url https://access.redhat.com/errata/RHSA-2019:3245
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3245
22
reference_url https://access.redhat.com/errata/RHSA-2019:3265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3265
23
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
24
reference_url https://access.redhat.com/errata/RHSA-2019:3906
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3906
25
reference_url https://access.redhat.com/errata/RHSA-2019:4018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4018
26
reference_url https://access.redhat.com/errata/RHSA-2019:4019
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4019
27
reference_url https://access.redhat.com/errata/RHSA-2019:4020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4020
28
reference_url https://access.redhat.com/errata/RHSA-2019:4021
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4021
29
reference_url https://access.redhat.com/errata/RHSA-2019:4040
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4040
30
reference_url https://access.redhat.com/errata/RHSA-2019:4041
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4041
31
reference_url https://access.redhat.com/errata/RHSA-2019:4042
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4042
32
reference_url https://access.redhat.com/errata/RHSA-2019:4045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4045
33
reference_url https://access.redhat.com/errata/RHSA-2019:4269
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4269
34
reference_url https://access.redhat.com/errata/RHSA-2019:4273
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4273
35
reference_url https://access.redhat.com/errata/RHSA-2019:4352
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4352
36
reference_url https://access.redhat.com/errata/RHSA-2020:0406
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0406
37
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
38
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9512.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9512.json
39
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9512
reference_id
reference_type
scores
0
value 0.51232
scoring_system epss
scoring_elements 0.97869
published_at 2026-04-07T12:55:00Z
1
value 0.51232
scoring_system epss
scoring_elements 0.97866
published_at 2026-04-04T12:55:00Z
2
value 0.51232
scoring_system epss
scoring_elements 0.97864
published_at 2026-04-02T12:55:00Z
3
value 0.51232
scoring_system epss
scoring_elements 0.97858
published_at 2026-04-01T12:55:00Z
4
value 0.51232
scoring_system epss
scoring_elements 0.97876
published_at 2026-04-09T12:55:00Z
5
value 0.51232
scoring_system epss
scoring_elements 0.97873
published_at 2026-04-08T12:55:00Z
6
value 0.51232
scoring_system epss
scoring_elements 0.97881
published_at 2026-04-13T12:55:00Z
7
value 0.51232
scoring_system epss
scoring_elements 0.97888
published_at 2026-04-21T12:55:00Z
8
value 0.51232
scoring_system epss
scoring_elements 0.9789
published_at 2026-04-18T12:55:00Z
9
value 0.51232
scoring_system epss
scoring_elements 0.97879
published_at 2026-04-11T12:55:00Z
10
value 0.51232
scoring_system epss
scoring_elements 0.9788
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9512
40
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
41
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809
42
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
43
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
44
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
45
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
46
reference_url http://seclists.org/fulldisclosure/2019/Aug/16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Aug/16
47
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
48
reference_url https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
49
reference_url https://go.dev/cl/190137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/190137
50
reference_url https://go.dev/issue/33606
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/33606
51
reference_url https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5
52
reference_url https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ
53
reference_url https://kb.cert.org/vuls/id/605641
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kb.cert.org/vuls/id/605641
54
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10296
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10296
55
reference_url https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
58
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
59
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7
60
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC
61
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP
62
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ
63
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9512
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9512
64
reference_url https://pkg.go.dev/vuln/GO-2022-0536
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0536
65
reference_url https://seclists.org/bugtraq/2019/Aug/24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/24
66
reference_url https://seclists.org/bugtraq/2019/Aug/31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/31
67
reference_url https://seclists.org/bugtraq/2019/Aug/43
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/43
68
reference_url https://seclists.org/bugtraq/2019/Sep/18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Sep/18
69
reference_url https://security.netapp.com/advisory/ntap-20190823-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190823-0001
70
reference_url https://security.netapp.com/advisory/ntap-20190823-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190823-0004
71
reference_url https://security.netapp.com/advisory/ntap-20190823-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190823-0005
72
reference_url https://support.f5.com/csp/article/K98053339
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K98053339
73
reference_url https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS
74
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
75
reference_url https://www.debian.org/security/2019/dsa-4503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4503
76
reference_url https://www.debian.org/security/2019/dsa-4508
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4508
77
reference_url https://www.debian.org/security/2019/dsa-4520
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4520
78
reference_url https://www.synology.com/security/advisory/Synology_SA_19_33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_33
79
reference_url http://www.openwall.com/lists/oss-security/2019/08/20/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/08/20/1
80
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1735645
reference_id 1735645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1735645
81
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
reference_id 934886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
82
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
reference_id 934887
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
83
reference_url https://security.archlinux.org/ASA-201908-15
reference_id ASA-201908-15
reference_type
scores
url https://security.archlinux.org/ASA-201908-15
84
reference_url https://security.archlinux.org/AVG-1021
reference_id AVG-1021
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1021
85
reference_url https://access.redhat.com/errata/RHSA-2019:2817
reference_id RHSA-2019:2817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2817
86
reference_url https://access.redhat.com/errata/RHSA-2020:0922
reference_id RHSA-2020:0922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0922
87
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
88
reference_url https://access.redhat.com/errata/RHSA-2020:1445
reference_id RHSA-2020:1445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1445
89
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
90
reference_url https://access.redhat.com/errata/RHSA-2020:2565
reference_id RHSA-2020:2565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2565
91
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
92
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
93
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
94
reference_url https://usn.ubuntu.com/USN-4866-1/
reference_id USN-USN-4866-1
reference_type
scores
url https://usn.ubuntu.com/USN-4866-1/
fixed_packages
0
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-3%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2019-9512, GHSA-hgr8-6h9x-f7q9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbte-dsw2-y7ad
8
url VCID-k8g5-d8xx-3ye4
vulnerability_id VCID-k8g5-d8xx-3ye4
summary H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4864
reference_id
reference_type
scores
0
value 0.01598
scoring_system epss
scoring_elements 0.81619
published_at 2026-04-01T12:55:00Z
1
value 0.01598
scoring_system epss
scoring_elements 0.8163
published_at 2026-04-02T12:55:00Z
2
value 0.01598
scoring_system epss
scoring_elements 0.81652
published_at 2026-04-04T12:55:00Z
3
value 0.01598
scoring_system epss
scoring_elements 0.8165
published_at 2026-04-07T12:55:00Z
4
value 0.01598
scoring_system epss
scoring_elements 0.81677
published_at 2026-04-08T12:55:00Z
5
value 0.01598
scoring_system epss
scoring_elements 0.81681
published_at 2026-04-09T12:55:00Z
6
value 0.01598
scoring_system epss
scoring_elements 0.81701
published_at 2026-04-11T12:55:00Z
7
value 0.01598
scoring_system epss
scoring_elements 0.81689
published_at 2026-04-12T12:55:00Z
8
value 0.01598
scoring_system epss
scoring_elements 0.81682
published_at 2026-04-13T12:55:00Z
9
value 0.01598
scoring_system epss
scoring_elements 0.81721
published_at 2026-04-16T12:55:00Z
10
value 0.01598
scoring_system epss
scoring_elements 0.8172
published_at 2026-04-18T12:55:00Z
11
value 0.01598
scoring_system epss
scoring_elements 0.81724
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4864
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2016-4864
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8g5-d8xx-3ye4
9
url VCID-kn2d-fupu-wbam
vulnerability_id VCID-kn2d-fupu-wbam
summary CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003
reference_id
reference_type
scores
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003
1
reference_url http://jvn.jp/en/jp/JVN45928828/index.html
reference_id
reference_type
scores
url http://jvn.jp/en/jp/JVN45928828/index.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1133
reference_id
reference_type
scores
0
value 0.00386
scoring_system epss
scoring_elements 0.59804
published_at 2026-04-21T12:55:00Z
1
value 0.00386
scoring_system epss
scoring_elements 0.59821
published_at 2026-04-18T12:55:00Z
2
value 0.00386
scoring_system epss
scoring_elements 0.59658
published_at 2026-04-01T12:55:00Z
3
value 0.00386
scoring_system epss
scoring_elements 0.59732
published_at 2026-04-02T12:55:00Z
4
value 0.00386
scoring_system epss
scoring_elements 0.59756
published_at 2026-04-04T12:55:00Z
5
value 0.00386
scoring_system epss
scoring_elements 0.59726
published_at 2026-04-07T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59778
published_at 2026-04-08T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.59792
published_at 2026-04-09T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59811
published_at 2026-04-11T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.59795
published_at 2026-04-12T12:55:00Z
10
value 0.00386
scoring_system epss
scoring_elements 0.59777
published_at 2026-04-13T12:55:00Z
11
value 0.00386
scoring_system epss
scoring_elements 0.59814
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1133
3
reference_url https://github.com/h2o/h2o/issues/682
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/682
4
reference_url https://github.com/h2o/h2o/issues/684
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/684
5
reference_url https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133
reference_id
reference_type
scores
url https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:1.7.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:1.7.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:1.7.0:beta2:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1133
reference_id CVE-2016-1133
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2016-1133
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2016-1133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kn2d-fupu-wbam
10
url VCID-n66u-b73u-zucb
vulnerability_id VCID-n66u-b73u-zucb
summary 
golang.org/x/net/http vulnerable to a reset flood
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

### Specific Go Packages Affected
golang.org/x/net/http2
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
6
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
7
reference_url https://access.redhat.com/errata/RHSA-2019:2594
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2594
8
reference_url https://access.redhat.com/errata/RHSA-2019:2661
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2661
9
reference_url https://access.redhat.com/errata/RHSA-2019:2682
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2682
10
reference_url https://access.redhat.com/errata/RHSA-2019:2690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2690
11
reference_url https://access.redhat.com/errata/RHSA-2019:2726
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2726
12
reference_url https://access.redhat.com/errata/RHSA-2019:2766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2766
13
reference_url https://access.redhat.com/errata/RHSA-2019:2769
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2769
14
reference_url https://access.redhat.com/errata/RHSA-2019:2796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2796
15
reference_url https://access.redhat.com/errata/RHSA-2019:2861
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2861
16
reference_url https://access.redhat.com/errata/RHSA-2019:2925
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2925
17
reference_url https://access.redhat.com/errata/RHSA-2019:2939
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2939
18
reference_url https://access.redhat.com/errata/RHSA-2019:2955
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2955
19
reference_url https://access.redhat.com/errata/RHSA-2019:2966
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2966
20
reference_url https://access.redhat.com/errata/RHSA-2019:3131
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3131
21
reference_url https://access.redhat.com/errata/RHSA-2019:3245
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3245
22
reference_url https://access.redhat.com/errata/RHSA-2019:3265
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3265
23
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
24
reference_url https://access.redhat.com/errata/RHSA-2019:3906
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3906
25
reference_url https://access.redhat.com/errata/RHSA-2019:4018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4018
26
reference_url https://access.redhat.com/errata/RHSA-2019:4019
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4019
27
reference_url https://access.redhat.com/errata/RHSA-2019:4020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4020
28
reference_url https://access.redhat.com/errata/RHSA-2019:4021
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4021
29
reference_url https://access.redhat.com/errata/RHSA-2019:4040
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4040
30
reference_url https://access.redhat.com/errata/RHSA-2019:4041
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4041
31
reference_url https://access.redhat.com/errata/RHSA-2019:4042
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4042
32
reference_url https://access.redhat.com/errata/RHSA-2019:4045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4045
33
reference_url https://access.redhat.com/errata/RHSA-2019:4269
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4269
34
reference_url https://access.redhat.com/errata/RHSA-2019:4273
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4273
35
reference_url https://access.redhat.com/errata/RHSA-2019:4352
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4352
36
reference_url https://access.redhat.com/errata/RHSA-2020:0406
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0406
37
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
38
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json
39
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9514
reference_id
reference_type
scores
0
value 0.09483
scoring_system epss
scoring_elements 0.92841
published_at 2026-04-21T12:55:00Z
1
value 0.09483
scoring_system epss
scoring_elements 0.92799
published_at 2026-04-01T12:55:00Z
2
value 0.09483
scoring_system epss
scoring_elements 0.92806
published_at 2026-04-02T12:55:00Z
3
value 0.09483
scoring_system epss
scoring_elements 0.9281
published_at 2026-04-04T12:55:00Z
4
value 0.09483
scoring_system epss
scoring_elements 0.92809
published_at 2026-04-07T12:55:00Z
5
value 0.09483
scoring_system epss
scoring_elements 0.92818
published_at 2026-04-08T12:55:00Z
6
value 0.09483
scoring_system epss
scoring_elements 0.92822
published_at 2026-04-09T12:55:00Z
7
value 0.09483
scoring_system epss
scoring_elements 0.92826
published_at 2026-04-13T12:55:00Z
8
value 0.09483
scoring_system epss
scoring_elements 0.92825
published_at 2026-04-12T12:55:00Z
9
value 0.09483
scoring_system epss
scoring_elements 0.92836
published_at 2026-04-16T12:55:00Z
10
value 0.09483
scoring_system epss
scoring_elements 0.92837
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9514
40
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
41
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809
42
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604
43
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605
44
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606
45
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
46
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
47
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
48
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
49
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
50
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
51
reference_url http://seclists.org/fulldisclosure/2019/Aug/16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Aug/16
52
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
53
reference_url https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
54
reference_url https://go.dev/cl/190137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/190137
55
reference_url https://go.dev/issue/33606
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/33606
56
reference_url https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5
57
reference_url https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ
58
reference_url https://kb.cert.org/vuls/id/605641
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kb.cert.org/vuls/id/605641
59
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10296
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10296
60
reference_url https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
63
reference_url https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
64
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7
65
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC
66
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP
67
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ
68
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9514
69
reference_url https://pkg.go.dev/vuln/GO-2022-0536
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0536
70
reference_url https://seclists.org/bugtraq/2019/Aug/24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/24
71
reference_url https://seclists.org/bugtraq/2019/Aug/31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/31
72
reference_url https://seclists.org/bugtraq/2019/Aug/43
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/43
73
reference_url https://seclists.org/bugtraq/2019/Sep/18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Sep/18
74
reference_url https://security.netapp.com/advisory/ntap-20190823-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190823-0001
75
reference_url https://security.netapp.com/advisory/ntap-20190823-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190823-0004
76
reference_url https://security.netapp.com/advisory/ntap-20190823-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190823-0005
77
reference_url https://support.f5.com/csp/article/K01988340
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K01988340
78
reference_url https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS
79
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
80
reference_url https://www.debian.org/security/2019/dsa-4503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4503
81
reference_url https://www.debian.org/security/2019/dsa-4508
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4508
82
reference_url https://www.debian.org/security/2019/dsa-4520
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4520
83
reference_url https://www.debian.org/security/2020/dsa-4669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4669
84
reference_url https://www.synology.com/security/advisory/Synology_SA_19_33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_33
85
reference_url http://www.openwall.com/lists/oss-security/2019/08/20/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/08/20/1
86
reference_url http://www.openwall.com/lists/oss-security/2023/10/18/8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/18/8
87
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667
reference_id 1062667
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667
88
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1735744
reference_id 1735744
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1735744
89
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885
reference_id 934885
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885
90
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
reference_id 934886
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
91
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
reference_id 934887
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
92
reference_url https://security.archlinux.org/ASA-201908-15
reference_id ASA-201908-15
reference_type
scores
url https://security.archlinux.org/ASA-201908-15
93
reference_url https://security.archlinux.org/AVG-1021
reference_id AVG-1021
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1021
94
reference_url https://access.redhat.com/errata/RHSA-2019:2817
reference_id RHSA-2019:2817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2817
95
reference_url https://access.redhat.com/errata/RHSA-2020:0922
reference_id RHSA-2020:0922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0922
96
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
97
reference_url https://access.redhat.com/errata/RHSA-2020:1445
reference_id RHSA-2020:1445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1445
98
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
99
reference_url https://access.redhat.com/errata/RHSA-2020:2565
reference_id RHSA-2020:2565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2565
100
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
101
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
102
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
103
reference_url https://usn.ubuntu.com/USN-4866-1/
reference_id USN-USN-4866-1
reference_type
scores
url https://usn.ubuntu.com/USN-4866-1/
fixed_packages
0
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-3%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2019-9514, GHSA-39qc-96h7-956f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n66u-b73u-zucb
11
url VCID-p463-b1yc-jkev
vulnerability_id VCID-p463-b1yc-jkev
summary H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30847
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57394
published_at 2026-04-18T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57396
published_at 2026-04-08T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57398
published_at 2026-04-16T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57413
published_at 2026-04-11T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57393
published_at 2026-04-12T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57372
published_at 2026-04-21T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57346
published_at 2026-04-02T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57368
published_at 2026-04-04T12:55:00Z
8
value 0.00348
scoring_system epss
scoring_elements 0.57344
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30847
1
reference_url https://github.com/h2o/h2o/pull/3229
reference_id 3229
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/
url https://github.com/h2o/h2o/pull/3229
2
reference_url https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33
reference_id f010336bab162839df43d9e87570897466c97e33
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/
url https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33
3
reference_url https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
reference_id GHSA-p5hj-phwj-hrvx
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/
url https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2023-30847
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p463-b1yc-jkev
12
url VCID-v78s-xcjx-jugh
vulnerability_id VCID-v78s-xcjx-jugh
summary H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10908
reference_id
reference_type
scores
0
value 0.01336
scoring_system epss
scoring_elements 0.80016
published_at 2026-04-21T12:55:00Z
1
value 0.01336
scoring_system epss
scoring_elements 0.80014
published_at 2026-04-18T12:55:00Z
2
value 0.01336
scoring_system epss
scoring_elements 0.79936
published_at 2026-04-01T12:55:00Z
3
value 0.01336
scoring_system epss
scoring_elements 0.79943
published_at 2026-04-02T12:55:00Z
4
value 0.01336
scoring_system epss
scoring_elements 0.79964
published_at 2026-04-04T12:55:00Z
5
value 0.01336
scoring_system epss
scoring_elements 0.79952
published_at 2026-04-07T12:55:00Z
6
value 0.01336
scoring_system epss
scoring_elements 0.79981
published_at 2026-04-08T12:55:00Z
7
value 0.01336
scoring_system epss
scoring_elements 0.7999
published_at 2026-04-09T12:55:00Z
8
value 0.01336
scoring_system epss
scoring_elements 0.8001
published_at 2026-04-11T12:55:00Z
9
value 0.01336
scoring_system epss
scoring_elements 0.79993
published_at 2026-04-12T12:55:00Z
10
value 0.01336
scoring_system epss
scoring_elements 0.79986
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10908
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10908
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10908
2
reference_url https://github.com/h2o/h2o/issues/1544
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/1544
3
reference_url https://jvn.jp/en/jp/JVN84182676/index.html
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN84182676/index.html
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10908
reference_id CVE-2017-10908
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-10908
fixed_packages
0
url pkg:deb/debian/h2o@2.2.4%2Bdfsg-1?distro=bullseye
purl pkg:deb/debian/h2o@2.2.4%2Bdfsg-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.4%252Bdfsg-1%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2017-10908
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v78s-xcjx-jugh
13
url VCID-vgst-7jj7-cuet
vulnerability_id VCID-vgst-7jj7-cuet
summary h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45403
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.56018
published_at 2026-04-21T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.56001
published_at 2026-04-04T12:55:00Z
2
value 0.0033
scoring_system epss
scoring_elements 0.56031
published_at 2026-04-08T12:55:00Z
3
value 0.0033
scoring_system epss
scoring_elements 0.56034
published_at 2026-04-09T12:55:00Z
4
value 0.0033
scoring_system epss
scoring_elements 0.56044
published_at 2026-04-11T12:55:00Z
5
value 0.0033
scoring_system epss
scoring_elements 0.56024
published_at 2026-04-12T12:55:00Z
6
value 0.0033
scoring_system epss
scoring_elements 0.56006
published_at 2026-04-13T12:55:00Z
7
value 0.0033
scoring_system epss
scoring_elements 0.56042
published_at 2026-04-16T12:55:00Z
8
value 0.0033
scoring_system epss
scoring_elements 0.56045
published_at 2026-04-18T12:55:00Z
9
value 0.0033
scoring_system epss
scoring_elements 0.5598
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45403
1
reference_url https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562
reference_id 16b13eee8ad7895b4fe3fcbcabee53bd52782562
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/
url https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562
2
reference_url https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c
reference_id 1ed32b23f999acf0c5029f09c8525f93eb1d354c
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/
url https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c
3
reference_url https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92
reference_id GHSA-4xp5-3jhc-3m92
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/
url https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92
4
reference_url https://h2o.examp1e.net/configure/http3_directives.html
reference_id http3_directives.html
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/
url https://h2o.examp1e.net/configure/http3_directives.html
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2024-45403
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgst-7jj7-cuet
14
url VCID-vmb3-588x-byfh
vulnerability_id VCID-vmb3-588x-byfh
summary Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN93226941/index.html
reference_id
reference_type
scores
url http://jvn.jp/en/jp/JVN93226941/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0608
reference_id
reference_type
scores
0
value 0.02444
scoring_system epss
scoring_elements 0.85206
published_at 2026-04-21T12:55:00Z
1
value 0.02444
scoring_system epss
scoring_elements 0.85205
published_at 2026-04-16T12:55:00Z
2
value 0.02444
scoring_system epss
scoring_elements 0.85112
published_at 2026-04-01T12:55:00Z
3
value 0.02444
scoring_system epss
scoring_elements 0.85125
published_at 2026-04-02T12:55:00Z
4
value 0.02444
scoring_system epss
scoring_elements 0.85142
published_at 2026-04-04T12:55:00Z
5
value 0.02444
scoring_system epss
scoring_elements 0.85145
published_at 2026-04-07T12:55:00Z
6
value 0.02444
scoring_system epss
scoring_elements 0.85167
published_at 2026-04-08T12:55:00Z
7
value 0.02444
scoring_system epss
scoring_elements 0.85175
published_at 2026-04-09T12:55:00Z
8
value 0.02444
scoring_system epss
scoring_elements 0.85189
published_at 2026-04-11T12:55:00Z
9
value 0.02444
scoring_system epss
scoring_elements 0.85187
published_at 2026-04-12T12:55:00Z
10
value 0.02444
scoring_system epss
scoring_elements 0.85184
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0608
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0608
3
reference_url https://github.com/h2o/h2o/issues/1775
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/1775
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0608
reference_id CVE-2018-0608
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2018-0608
fixed_packages
0
url pkg:deb/debian/h2o@2.2.5%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2018-0608
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmb3-588x-byfh
15
url VCID-ydjm-jrpz-bbgs
vulnerability_id VCID-ydjm-jrpz-bbgs
summary lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000091
reference_id
reference_type
scores
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000091
1
reference_url http://jvn.jp/en/jp/JVN87859762/index.html
reference_id
reference_type
scores
url http://jvn.jp/en/jp/JVN87859762/index.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4817
reference_id
reference_type
scores
0
value 0.07964
scoring_system epss
scoring_elements 0.9208
published_at 2026-04-21T12:55:00Z
1
value 0.07964
scoring_system epss
scoring_elements 0.92081
published_at 2026-04-18T12:55:00Z
2
value 0.07964
scoring_system epss
scoring_elements 0.9204
published_at 2026-04-01T12:55:00Z
3
value 0.07964
scoring_system epss
scoring_elements 0.92045
published_at 2026-04-02T12:55:00Z
4
value 0.07964
scoring_system epss
scoring_elements 0.92053
published_at 2026-04-04T12:55:00Z
5
value 0.07964
scoring_system epss
scoring_elements 0.92058
published_at 2026-04-07T12:55:00Z
6
value 0.07964
scoring_system epss
scoring_elements 0.9207
published_at 2026-04-08T12:55:00Z
7
value 0.07964
scoring_system epss
scoring_elements 0.92073
published_at 2026-04-13T12:55:00Z
8
value 0.07964
scoring_system epss
scoring_elements 0.92077
published_at 2026-04-12T12:55:00Z
9
value 0.07964
scoring_system epss
scoring_elements 0.92084
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4817
3
reference_url https://github.com/h2o/h2o/commit/1c0808d580da09fdec5a9a74ff09e103ea058dd4
reference_id
reference_type
scores
url https://github.com/h2o/h2o/commit/1c0808d580da09fdec5a9a74ff09e103ea058dd4
4
reference_url https://github.com/h2o/h2o/pull/920
reference_id
reference_type
scores
url https://github.com/h2o/h2o/pull/920
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:beta4:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:beta4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:beta4:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4817
reference_id CVE-2016-4817
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2016-4817
fixed_packages
0
url pkg:deb/debian/h2o@0?distro=bullseye
purl pkg:deb/debian/h2o@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2016-4817
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydjm-jrpz-bbgs
16
url VCID-zbgq-j9v9-sbh5
vulnerability_id VCID-zbgq-j9v9-sbh5
summary H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10872
reference_id
reference_type
scores
0
value 0.00676
scoring_system epss
scoring_elements 0.71492
published_at 2026-04-21T12:55:00Z
1
value 0.00676
scoring_system epss
scoring_elements 0.71513
published_at 2026-04-18T12:55:00Z
2
value 0.00676
scoring_system epss
scoring_elements 0.7142
published_at 2026-04-01T12:55:00Z
3
value 0.00676
scoring_system epss
scoring_elements 0.71429
published_at 2026-04-02T12:55:00Z
4
value 0.00676
scoring_system epss
scoring_elements 0.71446
published_at 2026-04-04T12:55:00Z
5
value 0.00676
scoring_system epss
scoring_elements 0.71421
published_at 2026-04-07T12:55:00Z
6
value 0.00676
scoring_system epss
scoring_elements 0.71461
published_at 2026-04-08T12:55:00Z
7
value 0.00676
scoring_system epss
scoring_elements 0.71474
published_at 2026-04-09T12:55:00Z
8
value 0.00676
scoring_system epss
scoring_elements 0.71496
published_at 2026-04-11T12:55:00Z
9
value 0.00676
scoring_system epss
scoring_elements 0.7148
published_at 2026-04-12T12:55:00Z
10
value 0.00676
scoring_system epss
scoring_elements 0.71462
published_at 2026-04-13T12:55:00Z
11
value 0.00676
scoring_system epss
scoring_elements 0.71508
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10872
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10872
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10872
2
reference_url https://github.com/h2o/h2o/issues/1543
reference_id
reference_type
scores
url https://github.com/h2o/h2o/issues/1543
3
reference_url https://jvn.jp/en/jp/JVN84182676/index.html
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN84182676/index.html
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10872
reference_id CVE-2017-10872
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-10872
fixed_packages
0
url pkg:deb/debian/h2o@2.2.4%2Bdfsg-1?distro=bullseye
purl pkg:deb/debian/h2o@2.2.4%2Bdfsg-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.4%252Bdfsg-1%3Fdistro=bullseye
1
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye
2
url pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
purl pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye
aliases CVE-2017-10872
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbgq-j9v9-sbh5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye