SUSE SLES15 Security Update : kubernetes1.26 (SUSE-SU-2026:2325-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2325-1 advisory. This update for kubernetes1.26 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2340-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2340-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

Exploit for Memory Allocation with Excessive Size Value in Apache Http_Server

http2-bomb-detector HTTP/2 Bomb CVE-2026-49975 Non-destru...

CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

UBUNTU-CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

UBUNTU-CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

UBUNTU-CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

CVE-2026-48043 netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

EUVD-2026-36494

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

CVE-2026-48043

Netty CVE-2026-48043 affects netty-codec-http2 before 4.1.135.Final and 4.2.15.Final. A flaw in DelegatingDecompressorFrameListener uses a per-stream EmbeddedChannel to decompress frames (gzip/deflate/zstd) and forwards chunks to a tail handler; decompressed ByteBuf ownership is not robust, allow...

CVE-2026-48043 netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

CVE-2026-47244

Netty HTTP/2 CVE-2026-47244 affects Netty 4.1.135.Final and 4.2.15.Final. Before patch, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams/maxStreams to Integer.MAX_VALUE and Http2Settings does not insert SETTINGS_MAX_CONCURRENT_STREAMS by default, so a Netty HTTP/2 server can ad...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

SUSE-SU-2026:2377-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by improper resource management due to Eclipse Jetty

Summary Eclipse Jetty in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of HTTP/HTTPS client requests for Apache Solr Admin UI. CVE-2025-5115. Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21,...

Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. Changes for google-cloud-sap-agent: Update to version 3.14 bsc1265991 Patch Instructions: To install this SUSE...

SUSE-SU-2026:2372-1 Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. Changes for google-cloud-sap-agent: - Update to version 3.14 bsc1265991...

netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...