Exploit for Double Free in Apache Http_Server

CVE-2026-23918 CVE-2026-23918: Apache HTTP/2 Double...

EUVD-2022-2151

Malicious code in bioql PyPI...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVE-2019-9514

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

Kubernetes 1.13.x < 1.13.10 / 1.14.x < 1.14.6 / 1.15.x < 1.15.3 DoS

The version of Kubernetes installed on the remote host is a version prior to 1.13.10, or 1.14.x prior to 1.14.6, or 1.15.x prior to 1.15.3. It is, therefore, affected by the following denial of service vulnerabilities : - A denial of service DoS vulnerability exists in HTTP/2 due to some HTTP/2...

MGASA-2019-0251 Updated golang packages fix security vulnerabilities

Updated golang packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently...