124 matches found
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
Oracle Linux 10 : nghttp2 (ELSA-2026-7666)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7666 advisory. 1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135 Tenable has extracted the preceding description block...
nghttp2 security update
1.33.0-6.2 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
nghttp2 security update
1.43.0-6.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
nghttp2 security update
1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...
SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2026:1247-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1247-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS...
Security update for nghttp2
This update for nghttp2 fixes the following issue: CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...
SUSE-SU-2026:1247-1 Security update for nghttp2
This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2026-31407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the...
CVE-2026-23460
CVE-2026-23460 (Linux kernel) affects the Rose (net/rose) path. The bug occurs when a second connect() is issued while a first connect is in progress (state TCP_SYN_SENT); rose_get_neigh() may return NULL, leaving rose->state ROSE_STATE_1 with neighbour NULL, and on socket close rose_transmit_...
openSUSE 16 Security Update : nghttp2 (openSUSE-SU-2026:20413-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20413-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845. Tenab...
OESA-2026-1754 nghttp2 security update
The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: A security vulnerability exists in nghttp2 library where missing stat...
SUSE-SU-2026:20950-1 Security update for nghttp2
This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...
SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2026:1074-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1074-1 advisory. - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845. Tenable has extracted t...
Security update for nghttp2
This update for nghttp2 fixes the following issues: CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
SUSE-SU-2026:1074-1 Security update for nghttp2
This update for nghttp2 fixes the following issues: - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845...