124 matches found

SUSE Linux
added 2026/03/26 8:57 a.m. | 2 views

Security update for nghttp2

This update for nghttp2 fixes the following issues: CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS (bsc#1259845). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively y...

8.2 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 4

OSV
added 2026/03/24 12:31 p.m. | 2 views

SUSE-SU-2026:20833-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)...

7.5 CVSS | 5.9 AI score | 0.00775 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/24 12:30 p.m. | 1 view

OPENSUSE-SU-2026:20413-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)...

7.5 CVSS | 5.9 AI score | 0.00775 EPSS
Exploits: 0 | References: 2

OSV
added 2026/03/23 10:38 p.m. | 6 views

JLSEC-2026-5 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 3

Microsoft CVE
added 2026/03/20 8:2 a.m. | 8 views

nghttp2 Denial of service: Assertion failure due to the missing state validation

...

7.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0

RedhatCVE
added 2026/03/19 1:35 p.m. | 3 views

CVE-2026-27135

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5 CVSS | 5.7 AI score | 0.00775 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2026/03/19 12:26 a.m. | 4 views

SUSE CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 24

Cvelist
added 2026/03/18 5:59 p.m. | 21 views

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 0.00775 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/18 5:59 p.m. | 2 views

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/03/18 5:59 p.m. | 2 views

EUVD-2026-12919

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/18 5:59 p.m. | 8 views

CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/18 5:59 p.m. | 2 views

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2_session_terminate_session or nghttp2_session_terminate_session2 is called by the application. They might be...

7.5 CVSS | 5.9 AI score | 0.00775 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/03/18 12:0 a.m. | 5 views

nghttp2 security vulnerability

nghttp2 is a C library developed under open source by nghttp2. Versions of nghttp2 prior to 1.68.1 contained security vulnerabilities; these vulnerabilities stemmed from the lack of internal state validation, which could lead to assertion failures...

7.5 CVSS | 6.9 AI score | 0.00775 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/07 1:44 a.m. | 5 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1 CVSS | 5.8 AI score | 0.00133 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/05 10:16 p.m. | 10 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

7.1 CVSS | 0.00133 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/18 5:41 p.m. | 3 views

GHSA-7RCP-MXPQ-72PJ OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution

Summary: The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact: If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...

5.9 CVSS | 5.7 AI score | 0.00133 EPSS
Exploits: 0 | References: 6

Github Security Blog
added 2026/02/18 5:41 p.m. | 18 views

OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution

Summary: The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution. Impact: If an attacker can convince a user to paste attacker-provided OAuth callback data during the manu...

7.1 CVSS | 5.7 AI score | 0.00133 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/02/18 12:0 a.m. | 8 views

PT-2026-23552

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The manual Chutes OAuth login flow in OpenClaw is susceptible to a bypass of OAuth CSRF state validation. This allows an attacker to bypass CSRF protection by convincing a user to paste...

7.1 CVSS | 5.8 AI score | 0.00133 EPSS
Exploits: 0 | References: 8

SUSE CVE
added 2026/01/28 12:24 a.m. | 5 views

SUSE CVE-2026-24408

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. OAuthSession creates a unique "state" and sends it as a parameter in the authentication request bu...

5 CVSS | 5.9 AI score | 0.00158 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/01/26 10:21 p.m. | 3 views

EUVD-2026-4729

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. OAuthSession creates a unique "state" and sends it as a parameter in the authentication request bu...

5.9 AI score | 0.00158 EPSS
Exploits: 0 | References: 3