Lucene search
K

360 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

openSUSE 16 Security Update : elemental-toolkit (openSUSE-SU-2026:20921-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20921-1 advisory. This update for elemental-toolkit fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of...

9.1CVSS7.6AI score0.01557EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48688

Name of the Vulnerable Software and Affected Versions netty-codec-http2 versions prior to 4.1.135.Final netty-codec-http2 versions prior to 4.2.15.Final Description The DelegatingDecompressorFrameListener class manages HTTP/2 decompression by using a per-stream EmbeddedChannel to run decompressio...

7.5CVSS5.3AI score0.00594EPSS
Exploits0References39
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.11 views

CVE-2026-49160

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network...

7.5CVSS5.9AI score0.48438EPSS
Exploits2References1
OSV
OSV
added 2026/06/10 1:22 p.m.6 views

SUSE-SU-2026:2348-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. Changes for google-cloud-sap-agent: - Update to version 3.14 bsc1265991...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:45 a.m.11 views

CVE-2026-47774

A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service...

7.5CVSS5.7AI score0.00708EPSS
Exploits1References3
Hacker One
Hacker One
added 2026/06/10 7:54 a.m.29 views

curl: Incomplete Suppression of Transfer-Encoding: chunked Header in HTTP/2 After Redirect From HTTP/1.1

When curl send a request with Transfer-Encoding: chunked using HTTP/1.1, and follows a redirect to an HTTP/2 endpoint, the uploadchunky flag is not properly reset. As a result, the Transfer-Encoding: chunked header is sent in the subsequent request even when HTTP/2 is negotiated/used. This violat...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/10 12:0 a.m.7 views

ALSA-2026:25057 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
OSV
OSV
added 2026/06/09 1:48 p.m.10 views

USN-8398-2 nginx regression

USN-8398-1 fixed a vulnerability in nginx. The update introduced a regression causing nginx to crash when being used with external modules. This update reverts the fix for CVE-2026-49975 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovere...

7.5CVSS5.6AI score0.11471EPSS
Exploits8References2
OSV
OSV
added 2026/06/09 12:51 p.m.6 views

SUSE-SU-2026:2314-1 Security update for libsoup

This update for libsoup fixes the following issues - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649. - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback execution bsc1259767...

7.5CVSS5.7AI score0.00829EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/08 11:2 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References2
Debian
Debian
added 2026/06/07 8:6 a.m.14 views

[SECURITY] [DLA 4620-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4620-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 07, 2026 https://wiki.debian.org/LTS -...

7.5CVSS5.3AI score0.11471EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/06/05 1:58 p.m.13 views

CVE-2026-49975

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
OSV
OSV
added 2026/06/05 12:11 p.m.3 views

SUSE-SU-2026:2280-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.63 views

Suricata < 7.0.16 / 8.x < 8.0.5 Multiple Vulnerabilities

The version of OISF Suricata installed on the remote host is prior to 7.0.16 or 8.x prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities, including: - A protocol change while processing HTTP/2 traffic could lead to type confusion in Suricata. Crafted traffic may cause Suricata t...

5.8AI score0.02219EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.15 views

SUSE CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/03 4:53 a.m.23 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-45903

Name of the Vulnerable Software and Affected Versions Vinyl Cache versions prior to 9.0.1 Varnish Cache versions prior to 9.0.3 Description A deficiency in HTTP/2 request parsing allows for a backend request desync attack, also known as request smuggling. This issue can lead to cache poisoning,...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.10 views

CVE-2026-48862

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS5.8AI score0.00384EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/02 12:0 a.m.10 views

ALSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References4
Amazon
Amazon
added 2026/05/26 12:0 a.m.23 views

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.4AI score0.00813EPSS
Exploits0
Rows per page
Query Builder