Oracle Linux 10 : libsoup3 (ELSA-2026-15968)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-15968 advisory. - Add patches for CVE-2026-4271 and CVE-2026-5119 - Add patch for CVE-2026-1761 - Fix CVE-2026-0719 - Fix CVE-2025-14523 - Add patch for CVE-2025-121...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1584)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1612)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2026-1316)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1402)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-1612)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

libsoup security update

2.62.2-2.0.11 - Fixes CVE-2026-0719 CVE-2026-1761 Orabug: 38958074 2.62.2-2.0.9 - Fix CVE-2025-14523 Orabug: 38873507 2.62.2-2.0.7 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 2.62.2-2.0.5 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 Orabug: 38085184 - CVE-2025-329...

Oracle Linux 7 : libsoup (ELSA-2026-0925)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0925 advisory. - Fix CVE-2025-14523 Orabug: 38873507 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049...

Oracle Linux 10 : libsoup3 (ELSA-2026-2182)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2182 advisory. - Fix CVE-2026-0719 - Fix CVE-2025-14523 - Add patch for CVE-2025-12105 Tenable has extracted the preceding description block directly from the Oracle...

Important: libsoup

Issue Overview: A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one...

libsoup3 security update

3.6.5-9 - Fix CVE-2026-0719 3.6.5-8 - Fix CVE-2025-14523 3.6.5-7 - Add patch for CVE-2025-12105 3.6.5-6 - Fix integer overflow in date/time parsing 3.6.5-5 - Bump revision number 3.6.5-4 - Fix several CVEs...

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1394)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1394 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, ...

Amazon Linux 2 : libsoup, --advisory ALAS2-2026-3142 (ALAS-2026-3142)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3142 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-sid...

CLSA-2026-1769687040 libsoup: Fix of CVE-2025-14523

CVE-2025-14523: reject duplicate Host headers to prevent request smuggling, cache poisoning, and host-based access control bypass attacks...

RockyLinux 8 : spice-client-win (RLSA-2026:1509)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1509 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...

Important: Red Hat Security Advisory: spice-client-win security update

An update for spice-client-win is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

Important: Red Hat Security Advisory: spice-client-win security update

An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

RHEL 8 : spice-client-win (RHSA-2026:1570)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1570 advisory. Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy Firs...

RHEL 8 : spice-client-win (RHSA-2026:1572)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1572 advisory. Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy Firs...

RHEL 8 : spice-client-win (RHSA-2026:1569)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1569 advisory. Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy Firs...