RHEL 10 : nghttp2 (RHSA-2026:8868)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8868 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

MiracleLinux 8 : nghttp2-1.33.0-6.el8_10.2 (AXSA:2026-443:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-443:02 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

RHEL 9 : nghttp2 (RHSA-2026:8546)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8546 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

RLSA-2026:7667 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

MiracleLinux 9 : nghttp2-1.43.0-6.el9_7.1 (AXSA:2026-438:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-438:01 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

RHEL 9 : nghttp2 (RHSA-2026:8545)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8545 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

RHEL 8 : nghttp2 (RHSA-2026:8541)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8541 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

AlmaLinux 8 : nghttp2 (ALSA-2026:7667)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7667 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

RHEL 10 : nghttp2 (RHSA-2026:7666)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7666 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

Oracle Linux 9 : nghttp2 (ELSA-2026-7668)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7668 advisory. 1.43.0-6.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135 Tenable has extracted the preceding description block...

Oracle Linux 10 : nghttp2 (ELSA-2026-7666)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7666 advisory. 1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135 Tenable has extracted the preceding description block...

Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

ALSA-2026:7668 Important: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 For more details about the security issues, including the impact, a CVSS...

OPENSUSE-SU-2026:10437-1 libnghttp2-14-1.68.1-1.1 on GA media

These are all security issues fixed in the libnghttp2-14-1.68.1-1.1 package on the GA media of openSUSE Tumbleweed...

MiracleLinux 9 : nghttp2-1.43.0-5.el9_4.3 (AXSA:2024-8147:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8147:01 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

MiracleLinux 8 : nghttp2-1.33.0-3.el8.1 (AXSA:2020-326:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-326:01 advisory. nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 7 : httpd24-nghttp2-1.7.1-11.0.1.el7 (AXSA:2024-7351:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7351:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

libnghttp2-14-1.64.0-1.1 on GA media (moderate)

libnghttp2-14-1.64.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14491-1 Rating: moderate Cross-References: CVE-2019-18802 CVSS scores: CVE-2019-18802 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can n...

OPENSUSE-SU-2024:14491-1 libnghttp2-14-1.64.0-1.1 on GA media

These are all security issues fixed in the libnghttp2-14-1.64.0-1.1 package on the GA media of openSUSE Tumbleweed...

mod_http2 security update

An update is available for modhttp2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of...