EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2026-2219)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

EulerOS Virtualization 2.10.1 : nghttp2 (EulerOS-SA-2026-2030)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2026-2057)

According to the versions of the nghttp2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

TencentOS Server 3: nghttp2 (TSSA-2026:0385)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0385 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: nodejs:20 (TSSA-2026:0327)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0327 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : nghttp2 vulnerability (USN-8233-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8233-1 advisory. Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session...

Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images

Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 see References Security Fixes: rsync:...

USN-8233-1: nghttp2 vulnerability

Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...

RHEL 9 : nodejs:20 (RHSA-2026:9874)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9874 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

MiracleLinux 8 : nghttp2-1.33.0-6.el8_10.2 (AXSA:2026-443:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-443:02 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

RHEL 8 : nghttp2 (RHSA-2026:8540)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8540 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici: Undici:...

AlmaLinux 8 : nghttp2 (ALSA-2026:7667)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7667 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

RHEL 8 : nodejs:20 (RHSA-2026:8339)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8339 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nghttp2 (RHSA-2026:8538)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8538 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

MiracleLinux 9 : nghttp2-1.43.0-6.el9_7.1 (AXSA:2026-438:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-438:01 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...

nodejs24 security update

An update is available for nodejs24. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime for easily...

RockyLinux 9 : nghttp2 (RLSA-2026:7668)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7668 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...