Lucene search
K

4434 matches found

The Hacker News
The Hacker News
added 5 days ago8 views

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service DoS condition. The vulnerabilities are...

9.8CVSS7.5AI score0.00502EPSS
Exploits0
OSV
OSV
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.3AI score0.00656EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free

The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curleasyreset...

5.8AI score0.00206EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Jetty9

In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that may result in the active connections and associated resources not being properly cleaned up. This can lead to a Denial of Service scenario, where there are not enough...

7.5CVSS6.7AI score0.0227EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in golang-golang-x-net, golang-1.19

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request’s headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48916

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty HTTP/2 max header size handling allows for an attack similar to HTTP/2 Rapid Reset. When a client sends the SETTINGS MAX HEADER LIST SIZE setting, the...

6.9CVSS5.2AI score0.00302EPSS
Exploits0References8
OSV
OSV
added 2026/06/11 1:27 p.m.8 views

GHSA-5375-PQ7M-F5R2 @grpc/grpc-js: A malformed request can cause a server crash

Impact An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no workaround...

7.5CVSS5.5AI score0.00052EPSS
Exploits0References8
Ubuntu
Ubuntu
added 2026/06/10 6:44 a.m.27 views

USN-8417-1: Tomcat vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.01339EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/06 5:19 p.m.116 views

Exploit for CVE-2026-42926

CVE-2026-42926 NGINX HTTP/2 Frame Injection Lab A controlled...

6.3CVSS5.7AI score0.00339EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

RHEL 10 : mod_http2 (RHSA-2026:22528)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22528 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP...

7.5CVSS5.6AI score0.04409EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.36 views

Debian dsa-6323 : apache2 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6323 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6323-1 [email protected] https://www.debian.org/security/...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References5
SUSE Linux
SUSE Linux
added 2026/06/05 12:11 p.m.8 views

Security update for ignition

This update for ignition fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 12:3 p.m.9 views

RLSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

5.3CVSS6.8AI score0.04409EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20845-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20845-1 advisory. This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections...

7.5CVSS6AI score0.00829EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/01 12:0 a.m.9 views

Security update for libsoup (important)

openSUSE security update: security update for libsoup ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20845-1 Rating: important References: bsc1259767 Cross-References: CVE-2026-4271 CVSS scores: CVE-2026-4271 SUSE : 8.6...

8.8CVSS5.9AI score0.00829EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 1:40 p.m.7 views

OPENSUSE-SU-2026:20845-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback execution bsc1259767...

7.5CVSS5.9AI score0.00829EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1743)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1743 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.6AI score0.00813EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1741)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1741 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.18 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: amazon-ecr-credential-helper

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
Rows per page
Query Builder