SUSE-SU-2026:21732-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264...

CVE-2026-41293

Summary: CVE-2026-41293 is an Apache Tomcat vulnerability described as an Improper Input Validation issue. The connected sources confirm impact across multiple Tomcat branches: 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, and 10.0.0-M1 to 10.0.27. The CVSS 3.1 data indicates a...

openSUSE 16 Security Update : ignition (openSUSE-SU-2026:20603-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20603-1 advisory. This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseud...

SUSE SLES15 Security Update : azure-storage-azcopy (SUSE-SU-2026:1395-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1395-1 advisory. - CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo- header bsc1260307. Tenable has...

SUSE-SU-2026:21128-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

SUSE SLES15 / openSUSE 15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1194-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1194-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: -...

Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2026:1200-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260251...

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

Azure Linux 3.0 Security Update: mod_http2 (CVE-2021-31618)

The version of modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-31618 advisory. - Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the si...

Medium: nerdctl

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

SUSE CVE-2015-0799

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header...

UBUNTU-CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

PT-2022-20925 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.1.2 Description: The issue is related to improper input validation in HTTP/2 header parsing, allowing an attacker to smuggle requests. Recommendations: For Apache Traffic Server versions 8.0.0...

CVE-2021-31922

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...

ALPINE-CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

Apache Tomcat Denial of Service Vulnerability (CNVD-2016-11592)

Apache Tomcat is a popular open source JSP application server program. A denial of service vulnerability exists in Apache Tomcat, which can be exploited by an attacker to cause the HTTP/2 header parser to enter an infinite loop, resulting in a denial of service...