Lucene search
K

364 matches found

RedHat Linux
RedHat Linux
added 6 days ago7 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:3 p.m.6 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 8:55 p.m.14 views

EUVD-2026-37798

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.7AI score0.00656EPSS
Exploits0
OSV
OSV
added 2026/06/24 1:10 p.m.6 views

OESA-2026-2698 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. The HTTP/2 server in libsoup may not...

8.6CVSS6.9AI score0.00947EPSS
Exploits1References7
OSV
OSV
added 2026/06/24 8:46 a.m.2 views

SUSE-SU-2026:2609-1 Security update for apptainer

This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal bsc1264177. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of...

10CVSS6.8AI score0.01557EPSS
Exploits1References27
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.36 views

CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS0.00566EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 12:12 p.m.5 views

CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.8 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
OSV
OSV
added 2026/06/22 2:35 p.m.3 views

SUSE-SU-2026:22320-1 Security update for amazon-ecs-init

This update for amazon-ecs-init fixes the following issues Update to version 1.103.2: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265843. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded...

9.6CVSS6.9AI score0.00781EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

FreeBSD : nginx -- multiple vulnerabilities (46b654f8-6b28-11f1-b8e5-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 46b654f8-6b28-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow vulnerability when using the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/19 1:53 a.m.7 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

8.1CVSS6.5AI score0.03459EPSS
Exploits1References5
NVD
NVD
added 2026/06/17 6:18 p.m.22 views

CVE-2026-47774

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS0.00815EPSS
Exploits1References10
OSV
OSV
added 2026/06/17 3:16 p.m.4 views

ALPINE-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/17 2:4 p.m.11 views

EUVD-2026-37718

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.03459EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.10 views

nginx -- multiple vulnerabilities

The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...

9.2CVSS5.7AI score0.03459EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : tomcat11 (SUSE-SU-2026:2374-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2374-1 advisory. This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References22
Rows per page
Query Builder