[SECURITY] [DLA 4608-1] corosync security update

Debian LTS Advisory DLA-4608-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 30, 2026 https://wiki.debian.org/LTS Package : corosync Version : 3.1.2-2+deb11u2 CVE ID : CVE-2026-35091 CVE-2026-35092 Debian Bug : 1133837 1133838 Two vulnerabilities have been...

GHSA-Q8MJ-M7CP-5Q26 qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

CVE-2026-42626

HP ENVY 5000 series printers (VERBASPP1N003.2237A.00) are affected by a DoS condition caused by improper management of concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection and send keep-alive...

Astra Linux - уязвимость в cups

OpenPrinting CUPS is an open-source printing system. In versions 2.4.2 and earlier, a heap buffer overflow vulnerability existed, which allowed a remote attacker to launch a Denial-of-Service DoS attack. This vulnerability was present in the formatlogline function. Exploitation of this...

CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

Linux Distros Unpatched Vulnerability : CVE-2019-19307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in parsemqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS infinite loop, or possibly cause an out-of-boun...

EUVD-2026-28958

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcfsesssbidiscoverandsend of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made publi...

Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion

Summary An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plugcowboy with HTTP/2 may b...

PT-2026-37135

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

EUVD-2026-16330

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

CVE-2026-4247

CVE-2026-4247 affects FreeBSD TCP implementations (bases: 14.x, 15.x/releng) where, when a challenge ACK should be sent, tcp_respond() consumes the mbuf and can leak the mbuf if no ACK is sent. An attacker on-path or able to establish a TCP connection can craft packets that trigger a challenge AC...

EUVD-2026-10324

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2026-3816

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

EulerOS 2.0 SP13 : brotli (EulerOS-SA-2026-1218)

According to the versions of the brotli package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The...

MiracleLinux 8 : subversion:1.10 (AXSA:2021-1466:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1466:01 advisory. subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' CVE-2018-11782 Tenable has extracted the preceding description block directl...

MiracleLinux 8 : nspr-4.32.0-1.el8, nss-3.67.0-6.el8 (AXSA:2021-2445:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2445:02 advisory. nss: TLS 1.3 CCS flood remote DoS Attack CVE-2020-25648 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 4 : nss-3.44.0-7.0.1.AXS4 (AXSA:2021-1747:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1747:04 advisory. nss: TLS 1.3 CCS flood remote DoS Attack CVE-2020-25648 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

EulerOS 2.0 SP12 : cups (EulerOS-SA-2026-1065)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe...