4 matches found
SUSE-SU-2026:2695-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...
CLSA-2026-1778239845 skopeo: Fix of 2 CVEs
CVE-2024-6104: backport go-retryablehttp URL redaction so basic-auth credentials embedded in request URLs are not written to logs/errors - CVE-2024-28180: backport go-jose decompression-bomb fix to both vendored major versions github.com/go-jose/go-jose/v3 and gopkg.in/square/go-jose.v2...
PT-2026-22608
Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ – Site Engine XIQ‑SE versions prior to 26.2.10 Description A flaw exists in the NAC administration interface that allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. While...
CLSA-2025-1763478867 squid: Fix of CVE-2025-62168
CVE-2025-62168: Fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...