Lucene search
+L

39 matches found

rocky
rocky
added 2026/07/08 6:3 p.m.6 views

nginx:1.26 security, bug fix, and enhancement update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

9.2CVSS7.9AI score0.03552EPSS
Exploits1
redhat
redhat
added 2026/07/08 12:3 p.m.9 views

Important: Red Hat Security Advisory: nginx:1.26 security, bug fix, and enhancement update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS7.9AI score0.03552EPSS
Exploits1References2
osv
osv
added 2026/07/08 12:0 a.m.3 views

ALSA-2026:36618 Important: nginx:1.24 security, bug fix, and enhancement update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...

9.2CVSS7.4AI score0.03552EPSS
Exploits1References4
osv
osv
added 2026/07/08 12:0 a.m.4 views

ALSA-2026:36639 Important: nginx:1.26 security, bug fix, and enhancement update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...

9.2CVSS7.4AI score0.03552EPSS
Exploits1References4
redhat
redhat
added 2026/07/07 7:24 p.m.7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References5
almalinux
almalinux
added 2026/07/07 12:0 a.m.5 views

Important: nginx security, bug fix, and enhancement update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...

9.2CVSS7.9AI score0.03552EPSS
Exploits1References4
osv
osv
added 2026/07/07 12:0 a.m.4 views

ALSA-2026:36331 Important: nginx security, bug fix, and enhancement update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes...

9.2CVSS7.4AI score0.03552EPSS
Exploits1References4
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Node.js

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS7.2AI score0.03782EPSS
Exploits0References3
osv
osv
added 2026/06/20 6:53 a.m.5 views

OPENSUSE-SU-2026:21121-1 Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References14
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.33 views

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A flaw in the ngx http proxy v2 module and ngx http grpc module modules can be triggered when NGINX is configured to proxy HTTP/2 traffic...

9.2CVSS7.5AI score0.03552EPSS
Exploits1References86
osv
osv
added 2026/06/10 6:44 a.m.13 views

USN-8417-1 tomcat9, tomcat10 vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.01339EPSS
Exploits2References7
redhatcve
redhatcve
added 2026/06/05 1:13 p.m.11 views

CVE-2026-41293

Apache Tomcat did not validate HTTP/2 request headers, triggering unexpected application behavior, as applications may presume that header values exposed through the Servlet API would be valid...

9.8CVSS5.4AI score0.01339EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Apache2

HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...

7.5CVSS7AI score0.91327EPSS
Exploits2References2
mageia
mageia
added 2026/05/15 6:17 a.m.18 views

Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References9
osv
osv
added 2026/05/15 6:17 a.m.11 views

MGASA-2026-0139 Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References10
osv
osv
added 2026/05/12 6:30 p.m.7 views

GHSA-R29C-68GH-XP6X Apache Tomcat - HTTP/2 request headers not validated

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: HTTP/2 request headers were not validated which may have triggered unexpected application behaviour if the...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References16
cvelist
cvelist
added 2026/05/12 3:19 p.m.82 views

CVE-2026-41293 Apache Tomcat: HTTP/2 request headers not validated

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...

0.01339EPSS
Exploits0References1
redhat
redhat
added 2026/04/10 4:3 p.m.2 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

7.5CVSS7AI score0.03782EPSS
Exploits0References5
veracode
veracode
added 2026/03/11 7:39 a.m.7 views

Denial Of Service (DoS)

Node.js is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed HTTP/2 HEADERS frames containing invalid HPACK data, which can trigger an unhandled TLSSocket ECONNRESET error and cause the Node.js process to crash, enabling remote denial of service...

7.5CVSS5.8AI score0.03782EPSS
Exploits0References21Affected Software1
ptsecurity
ptsecurity
added 2026/01/01 12:0 a.m.3 views

PT-2026-3360

Name of the Vulnerable Software and Affected Versions Node.js versions affected versions not specified Description A flaw in Node.js TLS error handling can allow remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thro...

9.8CVSS6.7AI score0.01056EPSS
Exploits0References369
Rows per page
Query Builder