24 matches found

Cvelist
added 2026/06/17 4:58 p.m., 25 views

CVE-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5 CVSS, 0.00708 EPSS
Exploits: 0, References: 1
Rockylinux
added 2026/06/05 12:4 p.m., 16 views

mod_http2 security update

An update is available for mod_http2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_h2 Apache httpd module implements the HTTP2 protocol h2+h2c on top o...

7.5 CVSS, 6.8 AI score, 0.04409 EPSS
Exploits: 1
Tenable Nessus
added 2026/06/05 12:0 a.m., 10 views

RockyLinux 9 : mod_http2 (RLSA-2026:22551)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22551 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 Tenable has extracted the preceding description block directly from the RockyLinux securi...

7.5 CVSS, 5.6 AI score, 0.04409 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/06/03 12:0 a.m., 19 views

AlmaLinux 10 : mod_http2 (ALSA-2026:22528)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22528 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

7.5 CVSS, 6.9 AI score, 0.04409 EPSS
Exploits: 1, References: 3
Rockylinux
added 2026/06/01 6:2 p.m., 44 views

httpd:2.4 security update

An update is available for modhttp2, module.modmd, module.modhttp2, modmd, module.httpd, httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

9.8 CVSS, 6.3 AI score, 0.04409 EPSS
Exploits: 1
OSV
added 2026/04/17 1:2 p.m., 6 views

OESA-2026-1954 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS, 6.7 AI score, 0.26356 EPSS
Exploits: 0, References: 7
OSV
added 2026/04/17 1:2 p.m., 8 views

OESA-2026-1953 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS, 6.4 AI score, 0.26356 EPSS
Exploits: 0, References: 7
OSV
added 2026/04/17 1:2 p.m., 8 views

OESA-2026-1952 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS, 7.1 AI score, 0.26356 EPSS
Exploits: 0, References: 7
OSV
added 2026/04/13 10:59 a.m., 4 views

SUSE-SU-2026:21181-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

7.5 CVSS, 5.8 AI score, 0.26356 EPSS
Exploits: 0, References: 19
Tenable Nessus
added 2026/04/13 12:0 a.m., 4 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1576)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1576 advisory. A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs,...

7.5 CVSS, 6.8 AI score, 0.26356 EPSS
Exploits: 0, References: 14
Amazon
added 2026/04/13 12:0 a.m., 6 views

Important: nodejs22

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5 CVSS, 7.1 AI score, 0.26356 EPSS
Exploits: 0
OSV
added 2026/03/28 7:26 a.m., 10 views

MGASA-2026-0071 Updated nodejs packages fix security vulnerabilities

Incomplete fix for CVE-2026-21637: loadSNI in tlswrap.js lacks try/catch leading to Remote DoS. CVE-2026-21637 Denial of Service via proto header name in req.headersDistinct Uncaught TypeError crashes Node.js process. CVE-2026-21710 Timing side-channel in HMAC verification via memcmp in...

7.5 CVSS, 5.9 AI score, 0.26356 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 12 views

MiracleLinux 8 : container-tools:4.0 (AXSA:2023-5976:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5976:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions...

7.5 CVSS, 7.1 AI score, 0.05623 EPSS
Exploits: 5, References: 15
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 9 : toolbox-0.0.99.3-9.el9 (AXSA:2023-5654:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5654:01 advisory. golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang: net/http: An attacker can cause excessive memory growth in a Go...

7.5 CVSS, 7.6 AI score, 0.05623 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-28319

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description A flaw exists in the Node.js Permission Model's filesystem enforcement, specifically leaving the fs.realpathSync.native function without the necessary read permission checks. Comparable filesystem...

5.9 CVSS, 6.3 AI score, 0.00385 EPSS
Exploits: 0, References: 179
OSV
added 2025/08/04 3:7 p.m., 3 views

SUSE-SU-2025:02684-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 - CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 - CVE-2024-47252: Fixed insufficie...

9.1 CVSS, 7.1 AI score, 0.04409 EPSS
Exploits: 2, References: 15
SUSE Linux
added 2025/07/31 6:27 a.m., 10 views

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

8.8 CVSS, 6.6 AI score, 0.04409 EPSS
Exploits: 2, References: 28
OSV
added 2025/07/22 9:36 p.m., 5 views

CVE-2025-53538 Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

7.5 CVSS, 6.4 AI score, 0.00432 EPSS
Exploits: 0, References: 5
SUSE Linux
added 2025/01/24 7:33 p.m., 2 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...

7.8 CVSS, 7 AI score, 0.01282 EPSS
Exploits: 0, References: 12
SUSE Linux
added 2025/01/24 4:34 p.m., 3 views

Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258 Patc...

7.4 CVSS, 7.3 AI score, 0.01282 EPSS
Exploits: 0, References: 8