AZL-78680 CVE-2026-27141 affecting package azurelinux-image-tools 1.2.0-1

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

AZL-78629 CVE-2026-27141 affecting package nmi 1.8.17-6

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

AZL-78656 CVE-2026-27141 affecting package buildah 1.41.4-6

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

CVE-2026-27141

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

CVE-2026-27141

The CVE-2026-27141 affects golang.org/x/net’s HTTP/2 frame handling. A missing nil check when sending frames in the 0x0a–0x0f range can cause a running server to panic. The description documents the root cause and symptom but does not specify affected versions, concrete impact scope, exploitation...

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception due to missing nil check. An attacker can cause the server to panic and potentially disrupt service by sending specially crafted HTTP/2 frames with values between 0x0a and 0x0f. Remediation Upgrade...

PT-2026-22177

Name of the Vulnerable Software and Affected Versions versions prior to 2026-27141 Description A missing nil check allows a server to panic when receiving specific HTTP/2 frames, specifically those ranging from 0x0a to 0x0f. This issue does not have any reported real-world incidents or estimated...

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

Exploit for CVE-2025-8671

CVE-2025-8671-vulnerability-POC- CVE-2025-8671 vulnerability P...

Denial of Service via "MadeYouReset" vulnerability

Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: varnish (UTSA-2026-005271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005271 advisory. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may resul...

[SECURITY] [DSA 6121-1] tomcat11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6121-1 [email protected] https://www.debian.org/security/ Markus Koschany February 05, 2026 https://www.debian.org/security/faq -...

Debian dsa-6121 : libtomcat11-embed-java - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6121 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6121-1 [email protected] https://www.debian.org/securit...

EulerOS Virtualization 2.10.0 : mod_http2 (EulerOS-SA-2026-1182)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...

CLEANSTART-2026-WG18689 attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

Multiple security vulnerabilities affect the minio-client-fips package. An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. See references for individual vulnerability details...

NewStart CGSL MAIN 6.06 : nodejs Multiple Vulnerabilities (NS-SA-2025-0241)

The remote NewStart CGSL host, running version MAIN 6.06, has nodejs packages installed that are affected by multiple vulnerabilities: - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

Updated haproxy packages fix bugs

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver...

MGASA-2026-0019 Updated haproxy packages fix bugs

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver socke...