Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.12 views

nginx 1.31.x < 1.31.2 Use-After-Free Vulnerability

The installed version of nginx is 1.31.x prior to 1.31.2. It is, therefore, affected by the following vulnerability: - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along...

9.2CVSS6.3AI score0.03225EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.13 views

CVE-2026-48748

A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory OOM error, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation...

7.5CVSS5AI score0.00366EPSS
Exploits0References5
OSV
OSV
added 2026/06/03 8:59 p.m.7 views

GHSA-VVGJ-X9JQ-8CJ9 quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion

Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. The implementation builds an http.Header for t...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References7
CVE
CVE
added 2026/05/25 2:0 p.m.24 views

CVE-2026-47077

The CVE affects hackney (versions 2.0.0–4.0.0) due to an unbounded in-memory accumulation in hackney_h3:await_response_loop/6, where HTTP/3 response chunks are buffered without a cap. A malicious server can keep sending small chunks, preventing loop termination and exhausting the BEAM heap, leadi...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/01 1:15 p.m.3 views

UBUNTU-CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

7.4CVSS6.3AI score0.02667EPSS
Exploits1References4
Rows per page
Query Builder