FreeBSD-SA-25:08.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-25:08.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2025-09-30 Credits:...

UBUNTU-CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2025-2146)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receiv...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2025-2136)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : libsoup (EulerOS-SA-2025-2046)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receiv...

Linux Distros Unpatched Vulnerability : CVE-2025-27820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apach...

io.airlift:discovery (=324), io.airlift:http-client (=324) +13 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.1.0.alpha0 <=12.1.0.beta2)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047664...

CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...

Azure Linux 3.0 Security Update: python-urllib3 / python3 (CVE-2025-50181)

The version of python-urllib3 / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-50181 advisory. - urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible ...

Linux Distros Unpatched Vulnerability : CVE-2025-32914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out- of-bounds read. This flaw allows a malicious HTTP client to...

Linux Distros Unpatched Vulnerability : CVE-2025-4476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-21-openjdk (SUSE-SU-2025:02657-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02657-1 advisory. Update to upstream tag jdk-21.0.8+9 July 2025 CPU: Security fixes: - CVE-2025-30749: several...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2025:02667-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02667-1 advisory. Upgrade to upstream tag jdk-17.0.16+8 July 2025 CPU: - CVE-2025-30749: several scenarios can le...

SUSE-SU-2025:02666-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.28+6 July 2025 CPU: Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption bsc1246595 - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections bsc1246598 -...

SUSE-SU-2025:02657-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 July 2025 CPU: Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption bsc1246595 - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections bsc1246598 -...

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-1096)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1096 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2025:02545-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02545-1 advisory. Update to OpenJDK 8u462 build 08 with OpenJ9 0.53.0 virtual machine: - CVE-2025-30749: several scenarios can lead to heap...

SUSE-SU-2025:02545-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: Update to OpenJDK 8u462 build 08 with OpenJ9 0.53.0 virtual machine: - CVE-2025-30749: several scenarios can lead to heap corruption Oracle CPU 2025-07 bsc1246595 - CVE-2025-30754: incomplete handshake may lead to weakening TLS protectio...

RLSA-2025:10867 Important: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve HTTP client header handling CVE-2025-50059 JDK:...