Lucene search
K

64 matches found

OSV
OSV
added 2026/06/10 12:0 a.m.8 views

ALSA-2026:25090 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a CVSS scor...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
OSV
OSV
added 2026/06/10 12:0 a.m.7 views

ALSA-2026:25057 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

RHEL 9 : mod_http2 (RHSA-2026:25057)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25057 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
RedhatCVE
RedhatCVE
added 2026/06/05 1:58 p.m.13 views

CVE-2026-49975

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/05 12:0 a.m.12 views

Security update for tor (moderate)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2026:0188-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP7 An update that contains security fixes can now be installed. Description: This update for tor fixes the following issues: - Upda...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/02 5:59 p.m.13 views

OPENSUSE-SU-2026:20889-1 Security update for tor

This update for tor fixes the following issues: Changes in tor: - Update to 0.4.9.9 Major bugfixes compression, security: - Fix a compression bomb bypass where an attacker could concatenate many gzip or zlib sub-streams, each just under the per-stream detection threshold, to avoid the compression...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 6:11 a.m.13 views

Security Bulletin:Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP

Summary Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...

6.9CVSS5.8AI score0.00644EPSS
Exploits0Affected Software1
Debian
Debian
added 2026/05/19 12:7 a.m.15 views

[SECURITY] [DLA 4590-1] erlang security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4590-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 18, 2026 https://wiki.debian.org/LTS -...

9.4CVSS7.1AI score0.00644EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.14 views

Debian dla-4590 : erlang - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4590 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4590-1 [email protected]...

9.4CVSS7.2AI score0.00644EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletio...

6.9CVSS7.1AI score0.00644EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 7:54 p.m.3 views

DEBIAN-CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

5.3CVSS7.3AI score0.00644EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 7:54 p.m.3 views

UBUNTU-CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.4 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.9AI score0.00644EPSS
Exploits0References6
OSV
OSV
added 2026/03/13 9:11 a.m.2 views

CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS6.8AI score0.00644EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/03/13 9:11 a.m.4 views

CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/13 9:11 a.m.2 views

EUVD-2026-11780

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:11 a.m.3 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/13 9:11 a.m.5 views

EEF-CVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflate

Summary Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh ssh\transport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...

6.9CVSS7.2AI score0.00644EPSS
Exploits0References6
CVE
CVE
added 2026/03/13 9:11 a.m.26 views

CVE-2026-23943

CVE-2026-23943 describes a pre-auth Denial of Service in Erlang OTP ssh_transport due to unbounded zlib inflation (compression bomb). The vulnerability affects the SSH transport layer’s handling of compression, including zlib and [email protected], which can start decompressing attacker-controlled...

6.9CVSS5.8AI score0.00644EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder