Lucene search
K

21 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 6:29 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go [CVE-2026-35469]

Summary IBM Watson Speech Services Cartridge is vulnerable to an out-of-memory condition in spdystream Go, caused by a flaw in SPDY/3 frame parser that does not validate attacker-controlled counts and lengths before allocating memory CVE-2026-35469. Spdystream Go is used in our speech utilities...

8.7CVSS5.2AI score0.00656EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/18 3:47 p.m.5 views

ROOT-APP-GOBINARY-CVE-2026-35469 CVE-2026-35469 in rootio-github.com/moby/spdystream - Patched by Root

Root has patched CVE-2026-35469 in the rootio-github.com/moby/spdystream package for Root:Go. Multiple fixed versions available...

8.7CVSS5.2AI score0.00656EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 7:28 a.m.5 views

Security Bulletin: IBM Engineering Lifecycle Management on Hybrid Cloud multiple vulnerabilities addressed

Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. Two of...

10CVSS8AI score0.01557EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

SUSE SLES15 Security Update : kubernetes1.28 (SUSE-SU-2026:2344-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2344-1 advisory. Security fixes: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE...

8.7CVSS5.5AI score0.00781EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2340-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2340-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

8.7CVSS5.5AI score0.00781EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.11 views

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2315-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2315-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

8.7CVSS5.5AI score0.00781EPSS
Exploits0References8
OSV
OSV
added 2026/06/10 1:15 p.m.5 views

SUSE-SU-2026:2342-1 Security update for kubernetes

This update for kubernetes fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265748. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...

8.7CVSS5.4AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2026/05/26 10:49 p.m.10 views

GO-2026-4958 Uncontrolled resource consumption when parsing SPDY frames in github.com/moby/spdystream

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:3 a.m.19 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...

9.8CVSS7.2AI score0.01545EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1070e Security Update: kubernetes (UTSA-2026-016795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016795 advisory. spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled...

8.7CVSS5.8AI score0.00656EPSS
Exploits0References4
OSV
OSV
added 2026/04/25 12:47 a.m.16 views

CLEANSTART-2026-WL14185 spdystream is a Go library for multiplexing streams over SPDY connections

Multiple security vulnerabilities affect the velero-fips package. spdystream is a Go library for multiplexing streams over SPDY connections. See references for individual vulnerability details...

9.8CVSS6.9AI score0.01945EPSS
Exploits6References46
OSV
OSV
added 2026/04/25 12:46 a.m.11 views

CLEANSTART-2026-VN02574 spdystream is a Go library for multiplexing streams over SPDY connections

Multiple security vulnerabilities affect the velero-fips package. spdystream is a Go library for multiplexing streams over SPDY connections. See references for individual vulnerability details...

9.8CVSS6.9AI score0.01945EPSS
Exploits6References32
SUSE CVE
SUSE CVE
added 2026/04/17 11:25 p.m.6 views

SUSE CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

6.5CVSS5.7AI score0.00656EPSS
Exploits0References13
NVD
NVD
added 2026/04/16 10:16 p.m.6 views

CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

8.7CVSS0.00656EPSS
Exploits0References54
Debian CVE
Debian CVE
added 2026/04/16 9:19 p.m.4 views

CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

8.7CVSS5.5AI score0.00656EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/16 9:19 p.m.3 views

CVE-2026-35469 SpdyStream: DOS on CRI

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

8.7CVSS5.7AI score0.00656EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 8:44 p.m.8 views

SpdyStream: DOS on CRI

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/16 8:44 p.m.6 views

GHSA-PC3F-X583-G7J2 SpdyStream: DOS on CRI

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

8.7CVSS5.8AI score0.00656EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/16 8:44 p.m.3 views

EUVD-2026-23298

SpdyStream: DOS on CRI...

8.7CVSS5.8AI score0.00656EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.10 views

SpdyStream 安全漏洞

SpdyStream is a SPDY-based multiplexing stream processing library developed by Moby. Versions of SpdyStream prior to 0.5.0 contain security vulnerabilities. These vulnerabilities stem from the SPDY/3 frame parser not verifying the count and length of the frame before allocating memory. This allow...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References1
Rows per page
Query Builder