455 matches found

FreeBSD
added 2026/05/13 12:0 a.m., 25 views

nginx-devel -- multiple vulnerabilities

The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2 proxying, rewrite handling, SCGI/uWSGI response handling, charset conversion, HTTP/3 connection migration, and OCSP resolver response processing...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits: 41 | References: 2
Snyk
added 2026/05/12 5:22 p.m., 10 views

Improper Validation of Syntactic Correctness of Input

Overview: org.apache.tomcat:coyote is a Maven plugin for Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the processing of HTTP/2 request headers. An attacker can cause unexpected behavior or potentiall...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 0 | References: 2
RedHat Linux
added 2026/05/11 9:39 p.m., 8 views

Moderate: Red Hat Security Advisory: libsoup3 security update

An update for libsoup3 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 8.2 | AI score 5.8 | EPSS 0.00829
Exploits: 2 | References: 3
OSV
added 2026/05/11 12:0 a.m., 7 views

ALSA-2026:15968 Moderate: libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

CVSS 8.2 | AI score 5.8 | EPSS 0.00829
Exploits: 2 | References: 6
Positive Technologies
added 2026/05/07 12:0 a.m., 28 views

PT-2026-38379

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.133.Final; Netty versions prior to 4.2.13.Final. Description: HttpContentDecompressor and DelegatingDecompressorFrameListener used for HTTP/2 connections utilize a maxAllocation parameter to limit decompression buffer...

CVSS 7.5 | AI score 5.9 | EPSS 0.00748
Exploits: 1 | References: 405
Positive Technologies
added 2026/05/07 12:0 a.m., 21 views

PT-2026-38374

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.133.Final; Netty versions prior to 4.2.13.Final. Description: In the HttpObjectDecoder component, the software fails to strip the Content-Length header when an HTTP/1.0 request contains both Transfer-Encoding: chunked...

CVSS 9.8 | AI score 5.8 | EPSS 0.00515
Exploits: 1 | References: 407
Github Security Blog
added 2026/05/05 9:46 p.m., 14 views

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

Summary: An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plugcowboy with HTTP/2 may b...

CVSS 8.7 | AI score 5.9 | EPSS 0.00545
Exploits: 0 | References: 6 | Affected Software: 1
EUVD
added 2026/05/05 9:46 p.m., 7 views

EUVD-2026-25845

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 :scheme atom-table exhaustion...

CVSS 8.7 | AI score 5.8 | EPSS 0.00545
Exploits: 0 | References: 5
F5 Networks
added 2026/05/05 3:58 p.m., 10 views

K000161120: HTTP/2 vulnerability CVE-2025-8671

Security Advisory Description: A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and th...

CVSS 7.5 | AI score 6 | EPSS 0.04604
Exploits: 3
GithubExploit
added 2026/05/05 1:44 p.m., 154 views

Exploit for Double Free in Apache Http_Server

Apache HTTP Server: http2: Double Free and possible RCE on e...

CVSS 8.8 | AI score 5.8 | EPSS 0.4581
Exploits: 16
OSV
added 2026/05/05 12:0 a.m., 6 views

UBUNTU-CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 8.8 | AI score 6 | EPSS 0.4581
Exploits: 16 | References: 3
AlpineLinux
added 2026/05/04 2:44 p.m., 7 views

CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 8.8 | AI score 5.8 | EPSS 0.4581
Exploits: 16
RedHat Linux
added 2026/04/30 10:57 a.m., 9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.60 security and extras update

Red Hat OpenShift Container Platform release 4.16.60 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a security impact of...

CVSS 9.1 | AI score 7.6 | EPSS 0.01557
Exploits: 1 | References: 2
Tenable Nessus
added 2026/04/29 12:0 a.m., 8 views

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerability (USN-8208-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8208-1 advisory. Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this...

CVSS 5.8 | AI score 5.8 | EPSS 0.00297
Exploits: 1 | References: 2
RedHat Linux
added 2026/04/27 1:54 a.m., 8 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

CVSS 9.1 | AI score 7.5 | EPSS 0.01557
Exploits: 1 | References: 5
Github Security Blog
added 2026/04/22 2:37 p.m., 6 views

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

AI score 5.8
Exploits: 0 | References: 4 | Affected Software: 1
RedHat Linux
added 2026/04/16 7:28 p.m., 15 views

Important: Red Hat Security Advisory: nghttp2 security update

An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 7.1 | EPSS 0.00775
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/16 12:0 a.m., 5 views

RHEL 8 : nghttp2 (RHSA-2026:8541)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8541 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00775
Exploits: 0 | References: 4
EUVD
added 2026/04/13 6:30 p.m., 4 views

EUVD-2026-21997

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

CVSS 4 | AI score 5.8 | EPSS 0.00297
Exploits: 1 | References: 5
OSV
added 2026/04/13 12:0 a.m., 6 views

ALSA-2026:7666 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135). For more details about the security issues, including the impact, a CVSS...

CVSS 7.5 | AI score 5.7 | EPSS 0.00775
Exploits: 0 | References: 4