1079 matches found
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
MiracleLinux 8 : nodejs:24 (AXSA:2026-465:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-465:01 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...
Oracle Linux 8 : nodejs:20 (ELSA-2026-8339)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8339 advisory. - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904...
MiracleLinux 8 : nodejs:20 (AXSA:2026-464:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-464:01 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...
MiracleLinux 9 : nodejs:20 (AXSA:2026-452:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-452:01 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...
RHSA-2026:8547 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8548 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8545 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8546 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8540 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8541 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8539 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
RHSA-2026:8538 Red Hat Security Advisory: nghttp2 security update
Bulletin has no description...
nodejs:20 security update
nodejs 1:20.20.2-1 - Update to version 20.20.2 - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves:...
MiracleLinux 8 : nghttp2-1.33.0-6.el8_10.2 (AXSA:2026-443:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-443:02 advisory. nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27135 Tenable has extracted the preceding description block...
Oracle Linux 9 : nodejs:22 (ELSA-2026-7302)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7302 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-152...
Oracle Linux 9 : nodejs:24 (ELSA-2026-7350)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7350 advisory. nodejs 1:24.14.1-2 - Update bundled nghttp2 to 1.68.1 1:24.14.1-1 - Update to version 24.14.1 nodejs-nodemon 3.0.3-3 - Keep BR on just npm 3.0.3-2 - Fi...
MiracleLinux 9 : nodejs:22 (AXSA:2026-446:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-446:01 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...
Important: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...