Lucene search
K

294 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
NVD
NVD
added 2026/06/24 10:16 p.m.6 views

CVE-2026-10642

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

6.5CVSS0.00185EPSS
Exploits1References2
CVE
CVE
added 2026/06/24 9:32 p.m.11 views

CVE-2026-10642

The CVE-2026-10642 issue affects the Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) where pl011_irq_tx_enable() can spin in an unbounded loop when CTS hardware flow control is enabled and CTS is de-asserted by the peer. This causes the TX interrupt to remain masked and the controller to s...

6.5CVSS5.9AI score0.00185EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:32 p.m.21 views

CVE-2026-10642 Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

6.5CVSS0.00185EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: CGX: fix bitmap leaks The RX/TX flow-control bitmaps rxfcpfvfbmap and txfcpfvfbmap are allocated by cgxlmacinit, but never freed in cgxlmacexit. Unbinding and rebinding the driver therefore triggers a kmemleak:...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52101

Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...

6.5CVSS6AI score0.00185EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
OSV
OSV
added 2026/06/22 11:10 a.m.2 views

SUSE-SU-2026:2482-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished...

9.8CVSS7.3AI score0.93235EPSS
Exploits48References222
OSV
OSV
added 2026/06/15 1:6 p.m.4 views

SUSE-SU-2026:22127-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-23254: net: gro: fix outer network offset bsc1259884. - CVE-2026-23303: smb: client: Don't log plaintext credentials in cifssetcifscreds bsc1260502. -...

9.8CVSS6.2AI score0.00514EPSS
Exploits0References125
GithubExploit
GithubExploit
added 2026/06/13 5:5 p.m.168 views

Exploit for Memory Allocation with Excessive Size Value in Apache Http_Server

CVE-2026-49975 HTTP/2 Bomb Complete Reproduction Guide Bas...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
NVD
NVD
added 2026/06/12 4:16 p.m.49 views

CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

7.5CVSS0.00594EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/12 2:39 p.m.35 views

CVE-2026-48043 netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

5.3CVSS0.00594EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.80 views

📄 HTTP/2 Multi-Server HPACK Exhaustion

This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...

5.4AI score
Exploits0
OSV
OSV
added 2026/06/11 1:28 p.m.9 views

GHSA-C2GF-V879-257J netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...

5.3CVSS5.5AI score0.00594EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2026/06/11 1:28 p.m.13 views

netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion

Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References14Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/11 10:46 a.m.20 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2026/06/10 4:54 p.m.19 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Imperva Blog
Imperva Blog
added 2026/06/04 3:43 p.m.15 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
GithubExploit
GithubExploit
added 2026/06/04 6:22 a.m.722 views

Exploit for CVE-2026-49975

CVE-2026-49975 — HTTP/2 Bomb PoC !CVEhttps://img.shields...

5.8AI score0.11471EPSS
Exploits8
Rows per page
Query Builder