Lucene search
K

73 matches found

RedHat Linux
RedHat Linux
added 4 days ago5 views

nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames

A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service...

7.5CVSS6.7AI score0.00656EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago11 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.02806EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/19 11:46 a.m.89 views

vlc-vp9-reschange-crash-poc

VLC VP9 Resolution-Change Crash PoC This repository contains...

5.9AI score
Exploits0
Ubuntu
Ubuntu
added 2026/06/15 4:19 p.m.20 views

USN-8430-1: ADSys vulnerabilities

It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. CVE-2026-27141 It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. ...

7.5CVSS7.9AI score0.00781EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:40 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

9.1CVSS6AI score0.01736EPSS
Exploits7Affected Software1
F5 Networks
F5 Networks
added 2026/05/13 1:1 p.m.16 views

K000161131: NGINX ngx_http_proxy_v2_module vulnerability CVE-2026-42926

Security Advisory Description When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody , an attacker may be able to inject frame headers and payload bytes to the upstream peer. CVE-2026-42926 Impact This vulnerability allows a remot...

6.3CVSS6AI score0.00339EPSS
Exploits1Affected Software4
EUVD
EUVD
added 2026/05/07 3:52 a.m.7 views

EUVD-2026-26716

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion...

6.9CVSS5.8AI score0.0051EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/01 8:34 p.m.8 views

CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

6.9CVSS5.9AI score0.0051EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36544

Name of the Vulnerable Software and Affected Versions bandit versions 0.3.6 through 1.10.x Description An issue in the deserialize/2 function within Elixir.Bandit.HTTP2.Frame allows unauthenticated memory exhaustion through oversized HTTP/2 frames. The system checks the SETTINGS MAX FRAME SIZE...

6.9CVSS5.9AI score0.0051EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/04/20 2:56 a.m.10 views

Important: Red Hat Security Advisory: nghttp2 security update

An update for nghttp2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/16 7:57 p.m.11 views

Important: Red Hat Security Advisory: nghttp2 security update

An update for nghttp2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/16 7:46 p.m.8 views

Important: Red Hat Security Advisory: nghttp2 security update

An update for nghttp2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/16 6:50 p.m.11 views

Important: Red Hat Security Advisory: nghttp2 security update

An update for nghttp2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.11 views

RHEL 8 : nghttp2 (RHSA-2026:8540)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8540 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.3 views

RHEL 8 : nghttp2 (RHSA-2026:8539)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8539 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

7.5CVSS7.2AI score0.00775EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

RHEL 9 : nghttp2 (RHSA-2026:8548)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8548 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

7.5CVSS7.2AI score0.00775EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/15 7:16 p.m.3 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS7AI score0.00775EPSS
Exploits0References6
Rockylinux
Rockylinux
added 2026/04/14 12:3 a.m.8 views

nodejs:20 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.7CVSS6.9AI score0.26356EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/04/13 6:36 p.m.4 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.7CVSS6.8AI score0.26356EPSS
Exploits2References6
Rows per page
Query Builder