Lucene search
+L

26 matches found

SUSE Linux
SUSE Linux
added 2026/07/10 12:48 p.m.4 views

Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls fixes the following issue...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References6
Redos
Redos
added 2026/07/10 12:0 a.m.6 views

ROS-20260710-73-0009

The vulnerability in the HTTP/2 implementation using the Go programming language arises from executing a loop with an unreachable exit condition when processing the value of SETTINGSMAXFRAMESIZE, which is equal to 0. Exploiting this vulnerability could allow a remote attacker to cause a service...

7.5CVSS6.1AI score0.00781EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.6 views

Security update for ignition (important)

openSUSE security update: security update for ignition ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21108-1 Rating: important References: bsc1265751 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5...

7.5CVSS6.5AI score0.00781EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/06/23 12:0 a.m.3 views

The vulnerability of the Go language-based HTTP/2 protocol implementation allows a attacker to cause a service failure.

The vulnerability in the HTTP/2 implementation using the Go programming language arises from executing a loop with an unreachable exit condition when processing the value of SETTINGSMAXFRAMESIZE, which is equal to 0. Exploiting this vulnerability could allow a remote attacker to cause a service...

7.8CVSS5.8AI score0.00781EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/18 4:40 p.m.4 views

SUSE-SU-2026:2460-1 Security update for kubernetes-old

This update for kubernetes-old fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265747. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of servic...

8.7CVSS5.8AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2026/06/09 2:34 p.m.8 views

SUSE-SU-2026:2325-1 Security update for kubernetes1.26

This update for kubernetes1.26 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265740. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...

8.7CVSS5.4AI score0.00781EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1813)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1813 advisory. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. CVE-2026-33814 Tenable has extracte...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.13 views

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 12:43 p.m.2 views

net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

A flaw was found in the HTTP/2 protocol implementation within the Go standard library golang.org/x/net and net/http/internal/http2. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGSMAXFRAMESIZE parameter set to zero. This...

7.5CVSS6.1AI score0.00781EPSS
Exploits0References9
OSV
OSV
added 2026/06/02 3:7 p.m.7 views

SUSE-SU-2026:21991-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 5:44 a.m.14 views

BIT-GOLANG-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.7 views

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

5.8AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 7:41 p.m.3 views

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References19
EUVD
EUVD
added 2026/05/07 3:43 a.m.20 views

EUVD-2026-26715

Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion...

8.7CVSS5.8AI score0.00549EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36544

Name of the Vulnerable Software and Affected Versions bandit versions 0.3.6 through 1.10.x Description An issue in the deserialize/2 function within Elixir.Bandit.HTTP2.Frame allows unauthenticated memory exhaustion through oversized HTTP/2 frames. The system checks the SETTINGS MAX FRAME SIZE...

6.9CVSS5.9AI score0.0051EPSS
Exploits0References11
NVD
NVD
added 2025/02/26 7:1 a.m.12 views

CVE-2022-49654

In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...

5.5CVSS0.00243EPSS
Exploits0References3
OSV
OSV
added 2025/02/26 7:1 a.m.2 views

DEBIAN-CVE-2022-49654

In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...

5.5CVSS5.4AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 7:1 a.m.3 views

UBUNTU-CVE-2022-49654

In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...

5.5CVSS5.7AI score0.00243EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/26 2:23 a.m.15 views

CVE-2022-49654 net: dsa: qca8k: reset cpu port on MTU change

In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAXFRAMESIZE of the switch. In fact if the MAXFRAMESIZE is changed while the cpu...

0.00243EPSS
Exploits0References3
CVE
CVE
added 2025/02/26 2:23 a.m.71 views

CVE-2022-49654

CVE-2022-49654 pertains to the Linux kernel, specifically the net: dsa: qca8k component. The issue occurs when MAX_FRAME_SIZE (MTU) is changed while the CPU port is enabled, causing the switch to panic and stop sending packets, which can render the device unreachable; a switch reset may be requir...

5.5CVSS5.4AI score0.00243EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder