Lucene search
+L

5 matches found

NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/12 8:16 p.m.5 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

7.5CVSS6AI score0.00236EPSS
Exploits0References2
CVE
CVE
added 2026/04/12 7:17 p.m.44 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 are affected by a workspace overflow during HTTP/2 session upgrade. The vulnerability arises when the HTTP/2 upgrade path repurposes an HTTP/1 request as stream zero and allocates a buffer to reserve space for frames, which can ...

7.5CVSS6AI score0.00236EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/11 10:16 p.m.9 views

CVE-2026-32136

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting...

9.8CVSS0.00735EPSS
Exploits2References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/22 5:26 a.m.22 views

H2O use-after-free vulnerability

Overview H2O is an open source web server software. H2O contains a use-after-free vulnerability CWE-416 due to a flaw in the process of upgrading from HTTP/1 to HTTP/2. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated...

9.1CVSS6.9AI score0.02184EPSS
Exploits0References5
Rows per page
Query Builder