USN-8338-2 apache2 regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...

ROOT-APP-MAVEN-GHSA-XPW8-RCWV-8F8P GHSA-xpw8-rcwv-8f8p in io.root.io.netty:netty-codec-http2 - Patched by Root

Root has patched GHSA-xpw8-rcwv-8f8p in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-22201 CVE-2024-22201 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root

Root has patched CVE-2024-22201 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2092-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2092-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...

SUSE-SU-2026:2104-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

osv-java-poc

OSV Scanner CVE Detection POC — Vulnerable Java App ⚠️ WA...

GHSA-RW47-HM26-6WR7 CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

Security update for google-guest-agent

This update for google-guest-agent fixes the following issue CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.319 Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and...

Amazon Linux 2023 : runc (ALAS2023-2026-1715)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1715 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1739)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1739 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Amazon Linux 2023 : yq (ALAS2023-2026-1716)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1716 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-125 (ALASDOCKER-2026-125)

The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-125 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

Amazon Linux 2 : golist, --advisory ALAS2-2026-3308 (ALAS-2026-3308)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3308 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-118 (ALASECS-2026-118)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-118 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

Amazon Linux 2023 : golist (ALAS2023-2026-1742)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1742 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1735)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1735 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3309 (ALAS-2026-3309)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3309 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag...