Lucene search
K

25 matches found

OSV
OSV
added 2026/07/01 6:16 p.m.3 views

UBUNTU-CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/06/25 1:18 p.m.9 views

USN-8472-1: containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...

9.9CVSS6.4AI score0.00781EPSS
Exploits0
OSV
OSV
added 2026/06/25 1:15 p.m.9 views

USN-8471-1 containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...

9.4CVSS6.4AI score0.00781EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

SUSE SLES15 Security Update : azure-storage-azcopy (SUSE-SU-2026:2466-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2466-1 advisory. This update for azure-storage-azcopy fixes the following issues Update to 10.32.4: - CVE-2025-47907: database/sql: incorrect result...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.17 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ADSys vulnerabilities (USN-8430-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8430-1 advisory. It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly...

7.5CVSS7.9AI score0.00781EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2026-3350 (ALAS-2026-3350)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.4515.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3350 advisory. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1813)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1813 advisory. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. CVE-2026-33814 Tenable has extracte...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Amazon Linux 2 : golist, --advisory ALAS2-2026-3308 (ALAS-2026-3308)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3308 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

7.5CVSS7.4AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3309 (ALAS-2026-3309)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3309 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag...

7.5CVSS7.4AI score0.00813EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-118 (ALASECS-2026-118)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-118 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1739)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1739 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Amazon
Amazon
added 2026/05/26 12:0 a.m.20 views

Important: oci-add-hooks

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.17 views

Important: oci-add-hooks

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.24 views

Important: libcap

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.25 views

Important: rclone

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
OSV
OSV
added 2026/03/23 10:38 p.m.4 views

JLSEC-2026-1 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of se...

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

7.5CVSS6.6AI score0.05316EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2025/12/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-1948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZ...

7.5CVSS7AI score0.00625EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-18093

Malware in sbrugna...

5.9CVSS5.7AI score0.01086EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2025-14031

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00625EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:20 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Eclipse Jetty

Summary There is vulnerability in Eclipse Jetty used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 t...

7.5CVSS6.5AI score0.00625EPSS
Exploits0Affected Software1
Rows per page
Query Builder