99 matches found
nginx:1.24 security update
1.24.0-7.0.1.2 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-7.2 - Resolves: RHEL-178681 - nginx:1.24/nginx: code execution and denial of service CVE-2026-9256 - Resolves: RHEL-182554 - nginx:1.24/nginx: HTTP/2: Remote Denial o...
Oracle Linux 9 : mod_http2 (ELSA-2026-22551)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22551 advisory. - Resolves: RHEL-182417 - modhttp2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the...
Oracle Linux 9 : mod_http2 (ELSA-2026-25057)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-25057 advisory. - Resolves: RHEL-182417 - modhttp2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.4
Red Hat OpenShift Service Mesh 3.3.4 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.9
Red Hat OpenShift Service Mesh 3.1.9 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....
RLSA-2026:25225 Important: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...
mod_http2 security update
An update is available for modhttp2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top o...
RLSA-2026:25090 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a CVSS scor...
RHEL 10 : mod_http2 (RHSA-2026:25225)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25225 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remot...
ALSA-2026:25225 Important: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...
Important: Red Hat Security Advisory: mod_http2 security update
An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2026:25057 Important: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...
Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a CVSS scor...
GO-2026-4594 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik
Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes Slowloris DOS in github.com/traefik/traefik...
CVE-2026-27630
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service DoS attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
CVE-2026-27630 TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service DoS attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
EUVD-2026-8764
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service DoS attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
CVE-2024-41742
IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service...
CVE-2025-6599
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50ABVY.6.3C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service DoS attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt...
EUVD-2025-197903
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50ABVY.6.3C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service DoS attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt...