Lucene search
K

12 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.6 views

Security update for ignition (important)

openSUSE security update: security update for ignition ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21108-1 Rating: important References: bsc1265751 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 12:59 p.m.7 views

JLSEC-2026-611 Unbounded HTTP/2 concurrent streams and Rapid Reset denial of service in HTTP.jl server

Description The HTTP.jl HTTP/2 server advertised an empty initial SETTINGS frame, leaving SETTINGSMAXCONCURRENTSTREAMS effectively unlimited, and the HEADERS code path allocated per-stream state, a send-window entry, and a Threads.@spawned handler with no check on the number of open streams...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/19 4:57 p.m.3 views

OPENSUSE-SU-2026:21108-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 4:40 p.m.4 views

SUSE-SU-2026:2460-1 Security update for kubernetes-old

This update for kubernetes-old fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265747. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of servic...

8.7CVSS5.8AI score0.00781EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.10 views

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Summary Netty HTTP/2 max header size handling produces attack similar to HTTP/2 Rapid Reset. Details There is a setting in the http2 specification called SETTINGSMAXHEADERLISTSIZE. According to the RFC: “This advisory setting informs a peer of the maximum field section size that the sender is...

6.9CVSS5.3AI score0.00302EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2372-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2372-1 advisory. This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/12 2:59 p.m.28 views

CVE-2026-50560 Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

6.9CVSS0.00302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/04 12:43 p.m.2 views

net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

A flaw was found in the HTTP/2 protocol implementation within the Go standard library golang.org/x/net and net/http/internal/http2. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGSMAXFRAMESIZE parameter set to zero. This...

7.5CVSS6.1AI score0.00781EPSS
Exploits0References9
OSV
OSV
added 2026/06/02 3:7 p.m.7 views

SUSE-SU-2026:21991-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.4AI score0.00781EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 7:8 a.m.8 views

SUSE-SU-2026:2194-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/01 7:8 a.m.15 views

Security update for ignition

This update for ignition fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.73 views

CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

0.00781EPSS
Exploits0References5
Rows per page
Query Builder