1083 matches found
Security Bulletin: Vulnerability in nghttp2 library (CVE-2026-27135) affects Power HMC.
Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-27135 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library...
SUSE-SU-2026:2695-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...
CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length
nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...
Linux Distros Unpatched Vulnerability : CVE-2026-58055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content- Length header and body onto reusable keep-alive backend...
EulerOS 2.0 SP15 : nghttp2 (EulerOS-SA-2026-2494)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
EulerOS 2.0 SP15 : nghttp2 (EulerOS-SA-2026-2453)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:2647-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2647-1 advisory. This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on...
SUSE-SU-2026:2647-1 Security update for nodejs22
This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...
SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:2633-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2633-1 advisory. This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to...
OPENSUSE-SU-2026:21058-1 Security update for nodejs22
This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...
SUSE-SU-2026:2633-1 Security update for nodejs24
This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...
SUSE-SU-2026:22368-1 Security update for nodejs22
This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
Photon OS 4.0: Nghttp2 PHSA-2026-4.0-1002
An update of the nghttp2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
MGASA-2026-0199 Updated nghttp2 packages fix security vulnerability
Denial of service: Assertion failure due to missing state validation. CVE-2026-27135...
EulerOS Virtualization 2.13.1 : nghttp2 (EulerOS-SA-2026-2380)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...
EulerOS Virtualization 2.13.0 : nghttp2 (EulerOS-SA-2026-2409)
According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
EulerOS 2.0 SP13 : nghttp2 (EulerOS-SA-2026-2346)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...
nodejs24 security update
1:24.14.1-2.0.2 - Rebuild to correct NVR 1:24.14.1-2.0.1 - Update upstream references...