CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/01/20 12:0 a.m.•7 views

MiracleLinux 8 : nghttp2-1.33.0-6.el8_10.1 (AXSA:2024-8517:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8517:02 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

5.3CVSS8.2AI score0.8496EPSS

Tenable Nessus•added 2025/07/25 12:0 a.m.•14 views

NewStart CGSL MAIN 7.02 : nghttp2 Multiple Vulnerabilities (NS-SA-2025-0134)

The remote NewStart CGSL host, running version MAIN 7.02, has nghttp2 packages installed that are affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

7.5CVSS7.3AI score0.99999EPSS

Exploits20References7

Tenable Nessus•added 2025/06/16 12:0 a.m.•8 views

TencentOS Server 3: nghttp2 (TSSA-2024:0318)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0318 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Tenable Nessus•added 2025/06/16 12:0 a.m.•7 views

TencentOS Server 4: nghttp2 (TSSA-2024:0928)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0928 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Tenable Nessus•added 2025/06/09 12:0 a.m.•7 views

NewStart CGSL MAIN 7.02 : nghttp2 Vulnerability (NS-SA-2025-0078)

The remote NewStart CGSL host, running version MAIN 7.02, has nghttp2 packages installed that are affected by a vulnerability: - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2...

Tenable Nessus•added 2025/05/14 12:0 a.m.•8 views

Exploits1References3

Alibaba Cloud Linux 3 : 0212: nghttp2 (ALINUX3-SA-2024:0212)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0212 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-28182: nghttp2 is an implementation of the...

OSV•added 2025/05/07 7:11 p.m.•8 views

RLSA-2024:4252 Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS CVE-2024-28182 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

5.3CVSS6.9AI score0.8496EPSS

Rockylinux•added 2025/05/07 7:11 p.m.•16 views

nghttp2 security update

An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libnghttp2 is a library implementing the Hypertext Transfer Protocol version ...

5.3CVSS6.1AI score0.8496EPSS

Tenable Nessus•added 2025/05/07 12:0 a.m.•9 views

RockyLinux 8 : nghttp2 (RLSA-2024:4252)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4252 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...

Tenable Nessus•added 2025/03/05 12:0 a.m.•12 views

Exploits1References3

Linux Distros Unpatched Vulnerability : CVE-2024-28182

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number o...

5.3CVSS6.9AI score0.8496EPSS

IBM Security Bulletins•added 2025/02/26 3:42 p.m.•12 views

Security Bulletin: Vulnerability in nghttp2 affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in nghttp2 affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-28182. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to versio...

5.3CVSS5.5AI score0.8496EPSS

Exploits1Affected Software8

CBLMariner•added 2025/02/12 4:8 p.m.•8 views

CVE-2024-28182 affecting package fluent-bit for versions less than 3.0.6-1

CVE-2024-28182 affecting package fluent-bit for versions less than 3.0.6-1. A patched version of the package is available...

5.3CVSS7.4AI score0.8496EPSS

Tenable Nessus•added 2025/02/10 12:0 a.m.•6 views

Azure Linux 3.0 Security Update: fluent-bit / nghttp2 / nodejs / nodejs18 (CVE-2024-28182)

The version of fluent-bit / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28182 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 ...

CBLMariner•added 2025/02/05 10:13 p.m.•19 views

CVE-2024-28182 affecting package fluent-bit for versions less than 3.1.9-2

CVE-2024-28182 affecting package fluent-bit for versions less than 3.1.9-2. A patched version of the package is available...

5.3CVSS7.3AI score0.8496EPSS

OSV•added 2025/02/03 8:46 a.m.•4 views

SUSE-SU-2025:20002-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames bsc1221399...

SUSE Linux•added 2025/02/03 8:46 a.m.•4 views

Exploits1References3

Security update for nghttp2

This update for nghttp2 fixes the following issues: CVE-2024-28182: Fixed denial of service via http/2 continuation frames bsc1221399 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

7.5CVSS7.3AI score0.8496EPSS

Exploits1References4

IBM Security Bulletins•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: Vulnerability in nghttp2 (CVE-2024-28182) affects Power HMC.

Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0...

5.3CVSS6.7AI score0.8496EPSS

Exploits1Affected Software1

CBLMariner•added 2024/11/27 9:33 p.m.•12 views

CVE-2024-28182 affecting package cmake for versions less than 3.21.4-14

CVE-2024-28182 affecting package cmake for versions less than 3.21.4-14. A patched version of the package is available...

5.3CVSS5.7AI score0.8496EPSS

CBLMariner•added 2024/11/01 4:41 p.m.•22 views

CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2

CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2. A patched version of the package is available...

5.3CVSS5.7AI score0.8496EPSS