RLSA-2026:7667 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

nghttp2 security update

An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libnghttp2 is a library implementing the Hypertext Transfer Protocol version ...

RLSA-2026:8339 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

Linux Distros Unpatched Vulnerability : CVE-2026-35469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate...

RHEL 8 : nghttp2 (RHSA-2026:8539)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8539 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

AlmaLinux 9 : nghttp2 (ALSA-2026:7668)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7668 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

RHEL 8 : nghttp2 (RHSA-2026:8540)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8540 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

RHEL 9 : nghttp2 (RHSA-2026:8548)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8548 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

RHEL 9 : nghttp2 (RHSA-2026:8545)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8545 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: Upidate to 4.1.132: CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling bsc1261031. CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service bsc1261043. Changelo...

RLSA-2026:7675 Important: nodejs24 security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

RLSA-2026:7666 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

nghttp2 security update

An update is available for nghttp2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libnghttp2 is a library implementing the Hypertext Transfer Protocol version...

RLSA-2026:7668 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

CVE-2026-33021

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An attacker who controls incoming frames can exploit a use-after-free vulnerability. This occurs because a caller-owned pixel buffer is prematurely freed during a resize operation, leaving a dangling pointer. This can lead to a...

RockyLinux 10 : nodejs24 (RLSA-2026:7675)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

AlmaLinux 10 : nghttp2 (ALSA-2026:7666)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7666 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

RockyLinux 10 : nghttp2 (RLSA-2026:7666)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7666 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

AlmaLinux 10 : nodejs24 (ALSA-2026:7675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...