BIT-NODE-MIN-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23165 & CVE-2025-23166) )

Summary IBM App Connect Enterprise is vulnerable to Missing Release of Memory after Effective Lifetime and Uncaught Exception due to Node.js. Vulnerability Details CVEID:CVE-2025-23165 DESCRIPTION: In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file...

USN-7545-4 apport regression

USN-7545-1 fixed vulnerabilities in Apport. The update incorrectly handled logging if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrectly handled metada...

CentOS 7 : buildah (RHSA-2020:2116)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious containe...

haproxy: denial of service

A problem has been discovered with the new field "ruledenystatus" into struct httptxn, which is filled only by actions "http-request deny" and "http-request tarpit". It's then used in the deny code path to emit the proper error message, but is used uninitialized when the deny comes from a "reqden...

CVE-2013-4369

The xluvifparserate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service NULL pointer dereference by using the "@" character as the VIF rate configuration...