Lucene search
+L

1090 matches found

Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41538

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

5.3CVSS5.4AI score0.00367EPSS
Exploits1References6
Debian
Debian
added 2026/05/14 8:47 a.m.11 views

[SECURITY] [DSA 6266-1] nghttp2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/ Aron Xu May 14, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

7.5CVSS6.7AI score0.00775EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.65 views

Debian dsa-6266 : libnghttp2-14 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6266 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6266-1 [email protected] https://www.debian.org/security/...

7.5CVSS6.8AI score0.00775EPSS
Exploits0References5
Debian
Debian
added 2026/05/13 8:1 p.m.13 views

[SECURITY] [DLA 4581-1] nghttp2 security update

Debian LTS Advisory DLA-4581-1 [email protected] https://www.debian.org/lts/security/ Lukas Märdian May 13, 2026 https://wiki.debian.org/LTS Package : nghttp2 Version : 1.43.0-1+deb11u3 CVE ID : CVE-2026-27135 Debian Bug : 1131369 A vulnerabilitie was discovered in nghttp2, a server,...

7.5CVSS6.7AI score0.00775EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/13 2:17 p.m.26 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.64 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

9.8CVSS7.6AI score0.96267EPSS
Exploits233References14
RedHat Linux
RedHat Linux
added 2026/05/13 1:55 p.m.23 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.65 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.8CVSS7.6AI score0.96267EPSS
Exploits233References14
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.15 views

Debian dla-4581 : libnghttp2-14 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4581 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4581-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS6.8AI score0.00775EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.10 views

CVE-2026-8119

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...

5.5CVSS5.5AI score0.00202EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/08 6:18 p.m.7 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details CVEID:CVE-2025-12875 DESCRIPTION: A weakness has been identified in mruby 3.4.0...

7.8CVSS5.3AI score0.00214EPSS
Exploits1Affected Software1
CVE
CVE
added 2026/05/08 12:0 a.m.29 views

CVE-2026-8119

CVE-2026-8119 affects Open5GS up to 2.7.7, specifically the NSSF path. The vulnerable element is the function ogs_sbi_stream_find_by_id in the file /lib/sbi/nghttp2-server.c of the NSSF component. A manipulation leads to a denial of service . The vulnerability requires a local attacker (attack ve...

5.5CVSS5.5AI score0.00202EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.44 views

CVE-2026-8119 Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...

4.8CVSS0.00202EPSS
Exploits1References5
OSV
OSV
added 2026/05/08 12:0 a.m.3 views

CVE-2026-8119 Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindbyid in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used...

4.8CVSS5.6AI score0.00202EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-38603

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the NSSF component allows a local attacker to cause a denial of service through manipulation of the ogs sbi stream find by id function within the /lib/sbi/nghttp2-server.c library...

4.8CVSS5.7AI score0.00202EPSS
Exploits1References10
OSV
OSV
added 2026/05/07 10:13 a.m.8 views

CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945

CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...

7.5CVSS7.1AI score0.01288EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 4:46 a.m.13 views

CLSA-2026-1778129164 nghttp2: Fix of 2 CVEs

CVE-2023-35945: fix memory leak on RSTSTREAM followed by GOAWAY - CVE-2026-27135: fix iframe state validation to prevent assertion failure...

7.5CVSS7.1AI score0.01288EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 7:25 p.m.10 views

USN-8233-2 nghttp2 vulnerability

USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : nghttp2 vulnerability (USN-8233-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8233-1 advisory. Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session...

7.5CVSS7.3AI score0.00775EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/05 5:47 p.m.22 views

Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images

Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 see References Security Fixes: rsync:...

9.8CVSS7.4AI score0.0218EPSS
Exploits1References17
Ubuntu
Ubuntu
added 2026/05/05 5:7 p.m.19 views

USN-8233-1: nghttp2 vulnerability

Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0
OSV
OSV
added 2026/05/05 5:7 p.m.12 views

USN-8233-1 nghttp2 vulnerability

Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References2
Rows per page
Query Builder