Vendor
Dena
Products
2
CVEs
4
Across products
7
Status
Private
Products
2- 5 CVEs
- 2 CVEs
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7835 | Cri | 0.59 | 9.1 | 0.03 | Jun 9, 2017 | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | |
| CVE-2016-4817 | Hig | 0.49 | 7.5 | 0.08 | Jun 19, 2016 | lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet. | |
| CVE-2016-1133 | Low | 0.24 | 3.7 | 0.00 | Jan 16, 2016 | CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI. | |
| CVE-2015-5638 | 0.00 | — | 0.00 | Sep 20, 2015 | Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. |