22 matches found
USN-8430-1 adsys vulnerabilities
It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. CVE-2026-27141 It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. ...
CLEANSTART-2026-VS17175 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27141, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.0-r3
Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-YM45607 Security fixes for CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 2.14.2-r0, 2.14.2-r1, 2.14.2-r2
Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-4HJQ-9H5C-252J Traefik: HTTP/2 frames can cause a running server to panic
Summary More Details: - https://nvd.nist.gov/vuln/detail/CVE-2026-27141 - https://pkg.go.dev/golang.org/x/net/http2?tab=versions Patches - https://github.com/traefik/traefik/releases/tag/v3.6.10 - https://github.com/traefik/traefik/releases/tag/v2.11.40 For more information If you have any...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector, buildkite-agent-fips, terraform-provider-acme, cluster-api-azure-controller, apache-beam-python-3.13-sdk, apm-server, nemo, apache-beam-python-3.11-sdk, kube-rbac-proxy, flux-source-watcher-fips, crossplane-provider-aws-memorydb,...
Linux Distros Unpatched Vulnerability : CVE-2026-27141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic CVE-2026-27141 Note that Nessus relies on the presence of the...
CVE-2026-27141
creationtimestamp| type| source ---|---|--- 2026-02-28 10:01:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfvxrxbj4j2c 2026-03-13 01:20:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3mgvqpkdona2m 2026-03-16 00:00:00+00:00| seen|...
CVE-2026-27141
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames types 0x0a through 0x0f can cause t...
AZL-78680 CVE-2026-27141 affecting package azurelinux-image-tools 1.2.0-1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
CVE-2026-27141
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
AZL-78653 CVE-2026-27141 affecting package azl-otel-collector 0.127.0-1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
CVE-2021-27141
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7aLyZ98sSd5HfSgGjMj8;Ss;d&^@$a2s0i3g key. The webs binary has details on how XOR is used...
EUVD-2025-204993
Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...
CVE-2025-27141
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
CVE-2025-27141
creationtimestamp| type| source ---|---|--- 2025-02-24 22:22:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5230 2025-02-25 00:39:07+00:00| seen| https://t.me/cvedetector/18832 2025-03-02 11:45:37+00:00| seen| Telegram/tEVz3iKe6Q4BOdDA0KUiMoHmAZLffmp5yNY42hgU3f3m2tcj...
CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...
CVE-2021-27141
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7aLyZ98sSd5HfSgGjMj8;Ss;d&^@$a2s0i3g key. The webs binary has details on how XOR is used...