Lucene search
K

124 matches found

RedHat Linux
RedHat Linux
added 2026/04/13 1:43 a.m.2 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Oracle Linux 10 : nghttp2 (ELSA-2026-7666)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7666 advisory. 1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135 Tenable has extracted the preceding description block...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/04/13 12:0 a.m.8 views

nghttp2 security update

1.33.0-6.2 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

7.5CVSS6.7AI score0.00775EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/04/13 12:0 a.m.7 views

nghttp2 security update

1.43.0-6.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

7.5CVSS5.8AI score0.00775EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/04/12 12:0 a.m.11 views

nghttp2 security update

1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

7.5CVSS5.8AI score0.00775EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/11 12:0 a.m.2 views

SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2026:1247-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1247-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/10 10:35 a.m.4 views

Security update for nghttp2

This update for nghttp2 fixes the following issue: CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...

8.2CVSS6.7AI score0.00775EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 10:34 a.m.4 views

SUSE-SU-2026:1247-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.9 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.5AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/09 1:38 p.m.4 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/09 1:4 p.m.4 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS6.5AI score0.00775EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/08 1:58 p.m.4 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the...

7.1CVSS6.1AI score0.00169EPSS
Exploits0References4
CVE
CVE
added 2026/04/03 3:15 p.m.16 views

CVE-2026-23460

CVE-2026-23460 (Linux kernel) affects the Rose (net/rose) path. The bug occurs when a second connect() is issued while a first connect is in progress (state TCP_SYN_SENT); rose_get_neigh() may return NULL, leaving rose->state ROSE_STATE_1 with neighbour NULL, and on socket close rose_transmit_...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.1 views

openSUSE 16 Security Update : nghttp2 (openSUSE-SU-2026:20413-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20413-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845. Tenab...

7.5CVSS6AI score0.00775EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 2:4 p.m.3 views

OESA-2026-1754 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: A security vulnerability exists in nghttp2 library where missing stat...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 9:43 a.m.5 views

SUSE-SU-2026:20950-1 Security update for nghttp2

This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.10 views

SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2026:1074-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1074-1 advisory. - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845. Tenable has extracted t...

7.5CVSS6AI score0.00775EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/26 12:39 p.m.3 views

Security update for nghttp2

This update for nghttp2 fixes the following issues: CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...

8.2CVSS5.8AI score0.00775EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 12:39 p.m.1 views

SUSE-SU-2026:1074-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References3
Rows per page
Query Builder