CVE-2025-36387

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

Linux Distros Unpatched Vulnerability : CVE-2025-36387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when given a specially crafted query (CVE-2025-36387)

Summary IBM® Db2® is vulnerable to a denial of service when given a specially crafted query with QGM objects that contain specific subquery expressions. Vulnerability Details CVEID:CVE-2025-36387 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an...

MiracleLinux 9 : mod_http2-2.0.26-2.el9_4.1 (AXSA:2024-8954:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8954:04 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVE-2023-36387

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.27 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with modrewrite in server/vhost context. By sending a specially crafte...

Azure Linux 3.0 Security Update: httpd (CVE-2024-36387)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,...

RLSA-2024:8680 Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

RockyLinux 9 : mod_http2 (RLSA-2024:8680)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8680 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the RockyLinux security...

AlmaLinux 9 : mod_http2 (ALSA-2024:8680)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:8680 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the AlmaLinux security...

Low: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

RHEL 9 : mod_http2 (RHSA-2024:8680)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8680 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null...

Oracle Linux 9 : mod_http2 (ELSA-2024-8680)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-8680 advisory. 2.0.26-2.1 - Resolves: RHEL-45803 - modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block...

mod_http2 security update

2.0.26-2.1 - Resolves: RHEL-45803 - modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387...

ALSA-2024:8680 Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

Medium: mod_http2

Issue Overview: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Affected Packages: modhttp2 Issue Correction: Run dnf update modhttp2 --releasever 2023.5.202408...

CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1

CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)

According to its self-reported version, the Tenable Security Center running on the remote host is 6.2.1, 6.3.0 or 6.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-13 advisory. - Security Center leverages third-party software to help provide underlying...

Fedora 39 : mod_http2 (2024-661bb6322d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-661bb6322d advisory. - version update to 2.0.29 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...