1391 matches found
Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054. Patch Instructions: To install this SUSE update use the SUSE recommend...
Linux Distros Unpatched Vulnerability : CVE-2026-27141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic CVE-2026-27141 Note that Nessus relies on the presence of the...
EUVD-2026-8880
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
CVE-2026-27141
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
Uncaught Exception
Overview golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. Affected versions of this package are vulnerable to Uncaught Exception due to missing nil check. An attacker can cause the server to panic and potentially disrupt service by sending specially crafted HTTP/2 frames...
openSUSE 16 Security Update : nodejs22 (openSUSE-SU-2026:20236-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20236-1 advisory. Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks bsc1256569. - CVE-2025-55131: timeout-based race...
SUSE-SU-2026:20486-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533...
SUSE-SU-2026:20483-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : DNSdist vulnerabilities (USN-8037-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8037-1 advisory. It was discovered that HTTP/2, which is used/vendored by DNSdist, did not properly account for resources when handling client-trigger...
amphp/http-server affected by HTTP/2 DDoS vulnerability
Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...
EulerOS Virtualization 2.10.1 : mod_http2 (EulerOS-SA-2026-1131)
According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be...
Security update for nodejs22
This update for nodejs22 fixes the following issues: Security fixes: CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion bsc1256848 CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that bypass TLS error handling and causing denia...
OESA-2026-1220 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
AZL-75077 CVE-2025-59465 affecting package nodejs for versions less than 20.14.0-13
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
CVE-2025-59465 is observed affecting Node.js packages across multiple Amazon Linux and Fedora advisories. The issue concerns Node.js HTTP/2 server handling of malformed HEADERS frames with oversized HPACK data, leading to a crash via an unhandled TLSSocket error (ECONNRESET) and remote DoS. Affec...
MiracleLinux 8 : tomcat-9.0.62-5.el8.2 (AXSA:2023-6527:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6527:03 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...