Lucene search
K

1083 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:54 p.m.3 views

Security Bulletin: Vulnerability in nghttp2 library (CVE-2026-27135) affects Power HMC.

Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-27135 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library...

7.5CVSS7.1AI score0.00775EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.37 views

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content- Length header and body onto reusable keep-alive backend...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : nghttp2 (EulerOS-SA-2026-2494)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

EulerOS 2.0 SP15 : nghttp2 (EulerOS-SA-2026-2453)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.10 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:2647-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2647-1 advisory. This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on...

9.8CVSS6.8AI score0.02806EPSS
Exploits3References58
OSV
OSV
added 2026/06/26 10:34 a.m.4 views

SUSE-SU-2026:2647-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS6.6AI score0.02806EPSS
Exploits3References39
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:2633-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2633-1 advisory. This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to...

9.8CVSS6.8AI score0.02806EPSS
Exploits3References64
OSV
OSV
added 2026/06/25 1:50 p.m.2 views

OPENSUSE-SU-2026:21058-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS7AI score0.26356EPSS
Exploits3References52
OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02806EPSS
Exploits3References43
OSV
OSV
added 2026/06/25 12:57 p.m.2 views

SUSE-SU-2026:22368-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS7AI score0.26356EPSS
Exploits3References53
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.6 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.9 views

Photon OS 4.0: Nghttp2 PHSA-2026-4.0-1002

An update of the nghttp2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7.2AI score0.00775EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 4:20 p.m.8 views

MGASA-2026-0199 Updated nghttp2 packages fix security vulnerability

Denial of service: Assertion failure due to missing state validation. CVE-2026-27135...

7.5CVSS7.4AI score0.00775EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.17 views

EulerOS Virtualization 2.13.1 : nghttp2 (EulerOS-SA-2026-2380)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.15 views

EulerOS Virtualization 2.13.0 : nghttp2 (EulerOS-SA-2026-2409)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 6:6 p.m.28 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

7.5CVSS6.6AI score0.00882EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

EulerOS 2.0 SP13 : nghttp2 (EulerOS-SA-2026-2346)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

7.5CVSS6.9AI score0.00775EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/06/09 12:0 a.m.9 views

nodejs24 security update

1:24.14.1-2.0.2 - Rebuild to correct NVR 1:24.14.1-2.0.1 - Update upstream references...

9.8CVSS6.9AI score0.26356EPSS
Exploits1
Rows per page
Query Builder