102 matches found
google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
EulerOS Virtualization 2.13.0 : nghttp2 (EulerOS-SA-2026-2409)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...
CVE-2025-59609 Buffer Over-read in WLAN Host Communication
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...
[SECURITY] [DSA 6266-1] nghttp2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/ Aron Xu May 14, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
Snappier 安全漏洞
Snappier is a pure C version of the Google Snappy compression algorithm developed by Brant Burnett. Versions prior to Snappier 1.3.1 contained a security vulnerability; this vulnerability stemmed from the inability to escape an infinite loop that occurred when SnappierStream decompressed Snappy...
CVE-2026-43032 NFC: pn533: bound the UART receive buffer
In the Linux kernel, the following vulnerability has been resolved: NFC: pn533: bound the UART receive buffer pn532receivebuf appends every incoming byte to dev-recvskb and only resets the buffer after pn532uartrxisframe recognizes a complete frame. A continuous stream of bytes without a valid...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
RHEL 9 : nghttp2 (RHSA-2026:8546)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8546 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...