Lucene search
K

61 matches found

CVE
CVE
added 2 hours ago10 views

CVE-2026-59762

CVE-2026-59762 affects BIG-IP’s TMM when an HTTP/2 profile is configured on a virtual server. Affected: HTTP/2 profile handling can cause undisclosed requests to increase memory resource utilization, leading to degraded system performance and potential DoS. This is a remote, unauthenticated data-...

8.7CVSS6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : curl vulnerabilities (USN-8525-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8525-1 advisory. Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP...

9.8CVSS6.7AI score0.01378EPSS
Exploits10References11
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.6 views

Security update for ignition (important)

openSUSE security update: security update for ignition ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21108-1 Rating: important References: bsc1265751 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:4 a.m.8 views

SUSE-SU-2026:22249-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References32
CVE
CVE
added 2026/06/18 6:1 p.m.167 views

CVE-2026-48937

A vulnerability in Node.js HTTP/2 server API can cause servers to continue accepting data after sending a GOAWAY frame. Affected release lines are Node.js 22 and Node.js 24. The issue is documented across multiple feeds (NVD, CVE-2026-48937 and HackerOne report) and is addressed in the June 2026 ...

5.3CVSS5.2AI score0.00445EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : kubernetes1.25 (SUSE-SU-2026:2345-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2345-1 advisory. Security fixes: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE...

8.7CVSS5.5AI score0.00781EPSS
Exploits0References8
OSV
OSV
added 2026/06/10 1:15 p.m.6 views

SUSE-SU-2026:2342-1 Security update for kubernetes

This update for kubernetes fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265748. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...

8.7CVSS5.4AI score0.00781EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.14 views

RHEL 9 : mod_http2 (RHSA-2026:22551)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22551 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP...

7.5CVSS5.6AI score0.04409EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.23 views

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2092-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2092-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...

7.5CVSS6AI score0.00813EPSS
Exploits0References36
OSV
OSV
added 2026/05/28 12:34 p.m.11 views

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.6AI score0.4581EPSS
Exploits18References23
OSV
OSV
added 2026/05/13 7:0 a.m.19 views

MGASA-2026-0129 Updated apache packages fix security vulnerabilities

http2: double free and possible RCE on early reset. CVE-2026-23918 modrewrite elevation of privileges via apexpr. CVE-2026-24072 buffer overflow in modproxyajp via ajpmsgcheckheader. CVE-2026-28780 modmd unrestricted OCSP response. CVE-2026-29168 moddavlock indirect lock crash. CVE-2026-29169...

9.8CVSS6.1AI score0.4581EPSS
Exploits18References16
Vulnrichment
Vulnrichment
added 2026/05/04 2:44 p.m.6 views

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.8AI score0.4581EPSS
Exploits16References1
NVD
NVD
added 2026/05/01 9:16 p.m.7 views

CVE-2026-42788

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

6.9CVSS0.0051EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:1371-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1371-1 advisory. Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

7.5CVSS7AI score0.26356EPSS
Exploits0References22
Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.15 views

amphp/http-server affected by HTTP/2 DDoS vulnerability

Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...

7.5CVSS5.4AI score0.0351EPSS
Exploits3References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.12 views

MiracleLinux 8 : tomcat-9.0.62-5.el8.2 (AXSA:2023-6527:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6527:03 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References2
RedHat Linux
RedHat Linux
added 2026/01/19 12:18 a.m.11 views

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.16 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System CVSS base score, which gives a detailed severity rating, ...

8.7CVSS7AI score0.02644EPSS
Exploits1References11
Rockylinux
Rockylinux
added 2025/12/05 9:2 a.m.20 views

nghttp2 security update

An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client,...

7.5CVSS7AI score0.99999EPSS
Exploits19
Tenable Nessus
Tenable Nessus
added 2025/11/21 12:0 a.m.3 views

EulerOS 2.0 SP13 : mod_http2 (EulerOS-SA-2025-2450)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...

7.5CVSS7.2AI score0.01149EPSS
Exploits0References2
Mageia
Mageia
added 2025/11/05 10:49 p.m.34 views

Updated libsoup3 & libsoup packages fix security vulnerabilities

Libsoup: heap buffer over-read in skipinsignificantspace when sniffing content. CVE-2025-2784 Libsoup: denial of service attack to websocket server. CVE-2025-32049 Libsoup: integer overflow in appendparamquoted. CVE-2025-32050 Libsoup: segmentation fault when parsing malformed data uri...

9CVSS7.1AI score0.00847EPSS
Exploits2References7
Rows per page
Query Builder