Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/22 11:28 a.m.32 views

CVE-2026-11373 Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

0.00352EPSS
Exploits0References6
OSV
OSV
added 2026/06/20 6:49 a.m.3 views

OPENSUSE-SU-2026:21125-1 Security update for perl-Protocol-HTTP2

This update for perl-Protocol-HTTP2 fixes the following issue - CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit bsc1267857...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : perl-Protocol-HTTP2 (SUSE-SU-2026:2306-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2306-1 advisory. This update for perl-Protocol-HTTP2 fixes the following issue - CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limi...

7.5CVSS5.5AI score0.00414EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/11 12:0 a.m.7 views

perl-Protocol-HTTP2-1.130.0-1.1 on GA media (moderate)

perl-Protocol-HTTP2-1.130.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10988-1 Rating: moderate Cross-References: CVE-2026-10725 CVSS scores: CVE-2026-10725 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerabilit...

7.5CVSS5.5AI score0.00414EPSS
Exploits0
OSV
OSV
added 2026/06/09 7:58 a.m.8 views

SUSE-SU-2026:2306-1 Security update for perl-Protocol-HTTP2

This update for perl-Protocol-HTTP2 fixes the following issue - CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit HTTP/2 Bomb attack bsc1267857...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/09 7:58 a.m.9 views

Security update for perl-Protocol-HTTP2

This update for perl-Protocol-HTTP2 fixes the following issue CVE-2026-10725: denial of service due to absence of inbound HPACK header-list size limit HTTP/2 Bomb attack bsc1267857. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 12:0 a.m.6 views

OPENSUSE-SU-2026:10988-1 perl-Protocol-HTTP2-1.130.0-1.1 on GA media

These are all security issues fixed in the perl-Protocol-HTTP2-1.130.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/06 9:14 a.m.11 views

CVE-2026-10725 Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

5.7AI score0.00414EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:14 a.m.10 views

CVE-2026-10725

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

5.7AI score0.00414EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/06 9:14 a.m.44 views

CVE-2026-10725 Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

0.00414EPSS
Exploits0References5
Rows per page
Query Builder