66 matches found

SUSE Linux
added yesterday, 2 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7 CVSS, 7.5 AI score, 0.00043 EPSS
Exploits 0, References 26

OSV
added 2026/04/07 8:39 a.m., 2 views

SUSE-SU-2026:1192-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808...

9.8 CVSS, 6.1 AI score, 0.00043 EPSS
Exploits 0, References 5

OSV
added 2026/04/01 10:05 a.m., 0 views

SUSE-SU-2026:20960-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808...

9.8 CVSS, 6.1 AI score, 0.00043 EPSS
Exploits 0, References 5

Tenable Nessus
added 2026/03/30 12:00 a.m., 1 view

Fedora 44 : pyOpenSSL (2026-5697f4e025)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5697f4e025 advisory. Update to version 26.0.0 - Added support for using aws-lc instead of OpenSSL. - Properly raise an error if a DTLS cookie callback returned a cookie...

9.8 CVSS, 6 AI score, 0.00043 EPSS
Exploits 0, References 3

Tenable Nessus
added 2026/03/29 12:00 a.m., 1 view

openSUSE 16 Security Update : python-pyOpenSSL (openSUSE-SU-2026:20419-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20419-1 advisory. - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to ...

9.8 CVSS, 6.2 AI score, 0.00043 EPSS
Exploits 0, References 6

OSV
added 2026/03/25 3:41 a.m., 0 views

OPENSUSE-SU-2026:20419-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808...

9.8 CVSS, 6.1 AI score, 0.00043 EPSS
Exploits 0, References 4

OSV
added 2026/03/25 3:41 a.m., 0 views

SUSE-SU-2026:20930-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808...

9.8 CVSS, 6.2 AI score, 0.00043 EPSS
Exploits 0, References 5

OSV
added 2026/03/18 12:16 a.m., 4 views

DEBIAN-CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

9.8 CVSS, 4.6 AI score, 0.00027 EPSS
Exploits 0, References 1

NVD
added 2026/03/18 12:16 a.m., 1 view

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

9.8 CVSS, 0.00027 EPSS
Exploits 0, References 3

AlpineLinux
added 2026/03/17 11:34 p.m., 3 views

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

9.8 CVSS, 5.4 AI score, 0.00027 EPSS
Exploits 0

Rosalinux
added 2026/02/16 10:56 a.m., 5 views

Advisory ROSA-SA-2026-3171

Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 unaffected versions = libsoup-2.62.3-11.rv30 affected versions libsoup-2.62.3-11.rv30 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow durin...

8.2 CVSS, 6.8 AI score, 0.00296 EPSS
Exploits 0

IBM Security Bulletins
added 2026/02/10 12:22 p.m., 7 views

Security Bulletin: Vulnerabilities in libsoup library (CVE-2025-4945, CVE-2025-11021) affect Power HMC.

Summary The libsoup library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-4945 DESCRIPTION: A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The...

7.5 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, Affected Software 1

Vulnrichment
added 2026/02/09 7:40 a.m., 1 view

CVE-2026-22904 Stack Overflow via Oversized Cookie Fields in lighttpd

Improper length handling when parsing multiple cookie fields including TRACKID allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution...

9.8 CVSS, 6.2 AI score, 0.00177 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/01/13 12:00 a.m., 1 view

MiracleLinux 7 : libsoup-2.62.2-2.0.5.0.2.el7.AXS7 (AXSA:2025-11537:17)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11537:17 advisory. CVE-2025-4945: fix integer overflow vulnerability in date/time parsing CVE-2025-11021: fix out-of-bounds memory read in cookie date handling logic...

7.5 CVSS, 6.5 AI score, 0.00296 EPSS
Exploits 0, References 3

RedhatCVE
added 2026/01/09 12:36 p.m., 4 views

CVE-2023-49262

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session...

9.8 CVSS, 7.2 AI score, 0.00021 EPSS
Exploits 0, References 1

EUVD
added 2025/12/30 4:02 p.m., 2 views

EUVD-2025-205819

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee...

10 CVSS, 6.8 AI score, 0.00606 EPSS
Exploits 1, References 6

CNNVD
added 2025/12/30 12:00 a.m., 2 views

Tenda W6-S Security Vulnerability

Tenda W6-S is a wireless access point device from Tenda China. A security vulnerability exists in Tenda W6-S version 1.0.0.4, which originates from an incorrect manipulation of the file /bin/httpd parameter cookie in the component R7websSecurityHandler, which could result in a stack buffer overfl...

10 CVSS, 7.6 AI score, 0.00606 EPSS
Exploits 1, References 5

CVE
added 2025/12/29 3:32 p.m., 20 views

CVE-2025-15194

The CVE-2025-15194 entry concerns D-Link DIR-600 devices with firmware up to 2.15WWb02. The vulnerability is in the HTTP Header Handler’s hedwig.cgi, where manipulating the Cookie argument triggers a stack-based buffer overflow. This allows remote exploitation and the public PoC indicates active ...

10 CVSS, 9.5 AI score, 0.0031 EPSS
Exploits 1, References 6, Affected Software 1

Vulnrichment
added 2025/12/29 3:32 p.m., 2 views

CVE-2025-15194 D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10 CVSS, 9.6 AI score, 0.0031 EPSS
Exploits 1, References 6

Cvelist
added 2025/12/29 3:32 p.m., 20 views

CVE-2025-15194 D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10 CVSS, 0.0031 EPSS
Exploits 1, References 6