Lucene search
K

23 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago5 views

RockyLinux 9 : nginx:1.24 (RLSA-2026:36618)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36618 advisory. nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes and Enhancements:...

9.2CVSS7.5AI score0.03459EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/06/22 1:28 p.m.7 views

USN-8458-1: nginx vulnerabilities

It was discovered that nginx incorrectly handled large headers when proxying HTTP/2 traffic. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the...

9.2CVSS6.2AI score0.03459EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.9 views

nginx 1.13.10 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overflow

The installed version of nginx is 1.13.10 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS6.6AI score0.03459EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/06/11 3:34 p.m.7 views

Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

8.7CVSS6.6AI score0.01339EPSS
Exploits2References28
OSV
OSV
added 2026/05/14 11:56 a.m.11 views

BIT-TOMCAT-2026-41293 Apache Tomcat: HTTP/2 request headers not validated

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 10.0.0 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to...

9.8CVSS5.7AI score0.01339EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.5 views

openSUSE 16 Security Update : nodejs22 (openSUSE-SU-2026:20236-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20236-1 advisory. Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks bsc1256569. - CVE-2025-55131: timeout-based race...

9.1CVSS6.9AI score0.03782EPSS
Exploits2References21
OSV
OSV
added 2026/02/17 9:38 a.m.4 views

SUSE-SU-2026:20486-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533...

7.5CVSS6.7AI score0.91969EPSS
Exploits1References3
OSV
OSV
added 2026/02/17 9:37 a.m.2 views

SUSE-SU-2026:20483-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533...

7.5CVSS6.7AI score0.91969EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.3 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

7.5CVSS5.8AI score0.03782EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 1:5 a.m.2 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

7.5CVSS7.4AI score0.03782EPSS
Exploits0References5
OSV
OSV
added 2026/01/20 9:16 p.m.7 views

AZL-75077 CVE-2025-59465 affecting package nodejs for versions less than 20.14.0-13

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS7.2AI score0.03782EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 8:41 p.m.3 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.5AI score0.03782EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 8:41 p.m.29 views

CVE-2025-59465

CVE-2025-59465 is observed affecting Node.js packages across multiple Amazon Linux and Fedora advisories. The issue concerns Node.js HTTP/2 server handling of malformed HEADERS frames with oversized HPACK data, leading to a crash via an unhandled TLSSocket error (ECONNRESET) and remote DoS. Affec...

7.5CVSS5.5AI score0.03782EPSS
Exploits0References20Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-1428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/02/14 7:3 a.m.4 views

SUSE CVE-2023-1428

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References3
Amazon
Amazon
added 2024/08/06 12:0 a.m.8 views

Medium: nerdctl

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

9.8CVSS6.8AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/30 12:0 a.m.7 views

Medium: golist

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.9AI score0.91969EPSS
Exploits1
OSV
OSV
added 2024/04/04 9:15 p.m.5 views

AZL-39463 CVE-2023-45288 affecting package skopeo for versions less than 1.14.2-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 8:15 p.m.5 views

AZL-40012 CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS6.6AI score0.91327EPSS
Exploits2References1
OSV
OSV
added 2024/04/04 8:15 p.m.4 views

AZL-40001 CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS6.8AI score0.91327EPSS
Exploits2References1
Rows per page
Query Builder