Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the http/2 server implementation. An attacker can cause application instability or crashes by sending specially crafted HTTP/2 requests that trigger authentication failures, leading to access of freed memory. Note: Thi...

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

UBUNTU-CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

CVE-2026-4271

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20350-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20350-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...

SUSE SLED15 / SLES15 Security Update : dnsdist (SUSE-SU-2026:0888-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0888-1 advisory. Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. -...

SUSE-SU-2026:0888-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...

GO-2026-4686 AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass in github.com/AdguardTeam/AdGuardHome

AdGuard Home: HTTP/2 Cleartext h2c Upgrade Authentication Bypass in github.com/AdguardTeam/AdGuardHome...

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

VULNERABILITY: HTTP/2 Cleartext h2c Upgrade Authentication Bypass ======================================================================== Severity: CRITICAL CVSS 3.1: 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE: CWE-287 Improper Authentication Component: internal/home/web.go Affected:...

AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass

An unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware...

Denial Of Service (DoS)

Node.js is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed HTTP/2 HEADERS frames containing invalid HPACK data, which can trigger an unhandled TLSSocket ECONNRESET error and cause the Node.js process to crash, enabling remote denial of service...

Debian dsa-6160 : libnetty-java - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6160 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6160-1 [email protected]...

PT-2026-24857

AdGuard Home and Affected Versions AdGuard Home versions prior to 0.107.73 Description AdGuard Home is a network-wide software for blocking ads and tracking. A critical issue exists where an unauthenticated remote attacker can bypass all authentication mechanisms. This is achieved by sending an...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.12 (RHSA-2026:3891)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3891 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

SUSE CVE-2026-27141

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

AZL-78680 CVE-2026-27141 affecting package azurelinux-image-tools 1.2.0-1

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

AZL-78653 CVE-2026-27141 affecting package azl-otel-collector 0.127.0-1

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...