Amazon Linux 2023 : docker (ALAS2023-2026-1736)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1736 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Important: cri-tools

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

Important: golist

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

Linux Distros Unpatched Vulnerability : CVE-2026-33814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value ...

Infinite loop

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

EUVD-2019-5532

Malware in sbrugna...

CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

CVE-2019-14307

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...

CVE-2019-14305

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the print...

Atlassian Confluence 7.19.7 < 7.19.11 Tomcat Dependancy Vulnerabilty

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.15 prior to 7.13.19, 7.19.7 prior to 7.19.11 or 8.1.1 prior to 8.4.1. It is, therefore, affected by a vulnerability in the bundled Apache Tomcat. If non-default HTTP connector...

VulnCheck KEV: CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...