
14 matches found

OSV
added 2026/03/18 10:1 a.m. · 2 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555). - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876). - CVE-2025-32049:...

9.1 CVSS · 7 AI score · 0.00605 EPSS
Exploits 2 · References 18

EUVD
added 2026/03/06 2:54 a.m. · 3 views

EUVD-2026-9972

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

9.2 CVSS · 6 AI score · 0.0028 EPSS
Exploits 1 · References 2

Snyk
added 2026/01/19 3:46 p.m. · 0 views

Improper Handling of URL Encoding (Hex Encoding)

Overview: @fastify/middie is a Middleware engine for Fastify. Affected versions of this package are vulnerable to Improper Handling of URL Encoding (Hex Encoding), where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., /%61dmin instead of /admin). An...

8.9 CVSS · 5.6 AI score · 0.00144 EPSS
Exploits 1 · References 2

Veracode
added 2024/09/11 7:31 a.m. · 6 views

Denial Of Service (DoS)

body-parser is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate handling of URL encoding in body-parser, which allows an attacker to flood the server with excessive requests, potentially disrupting the server’s availability...

7.5 CVSS · 7.3 AI score · 0.01387 EPSS
Exploits 1 · References 3 · Affected Software 2

Positive Technologies
added 2024/05/31 12:0 a.m. · 1 views

PT-2024-4606

Name of the Vulnerable Software and Affected Versions: OpenTelemetry Collector versions prior to 0.102.1; confighttp module versions prior to 0.102.0; configgrpc module versions prior to 0.102.1. Description: An unsafe decompression vulnerability allows unauthenticated attackers to crash the collect...

8.5 CVSS · 8.3 AI score · 0.02397 EPSS
Exploits 1 · References 22

OSV
added 2023/03/29 7:15 p.m. · 2 views

CVE-2022-2825

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lac...

9.8 CVSS · 6.2 AI score · 0.01283 EPSS
Exploits 0 · References 2

OSV
added 2020/09/07 8:29 a.m. · 4 views

OPENSUSE-SU-2020:1369-1 Security update for squid

This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). This...

9.9 CVSS · 8 AI score · 0.15653 EPSS
Exploits 0 · References 9

OSV
added 2020/09/02 7:32 a.m. · 7 views

SUSE-SU-2020:2442-1 Security update for squid

This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664)...

9.9 CVSS · 7.8 AI score · 0.15653 EPSS
Exploits 0 · References 9

OSV
added 2020/07/23 8:9 p.m. · 0 views

USN-4434-1 libvncserver vulnerabilities

Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839) It was discovered that LibVNCServer did no...

7.5 CVSS · 7 AI score · 0.04438 EPSS
Exploits 0 · References 13

Amazon
added 2019/05/02 12:0 a.m. · 192 views

Important: python34

Issue Overview: Python is affected by Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlpars...

9.8 CVSS · 8.2 AI score · 0.08764 EPSS
Exploits 1

OpenVAS
added 2019/03/14 12:0 a.m. · 17 views

openSUSE: Security Advisory for obs-service-tar_scm (openSUSE-SU-2019:0326-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

9.8 CVSS · 8 AI score · 0.00469 EPSS
Exploits 0 · References 2

Positive Technologies
added 2018/06/07 12:0 a.m. · 3 views

PT-2018-16142 · Node.Js · Serve

Name of the Vulnerable Software and Affected Versions: serve node module (affected versions not specified). Description: The issue is related to improper handling of URL encoding, allowing access to ignored files if a filename is URL encoded. This can potentially lead to unauthorized access to...

5.3 CVSS · 4.9 AI score · 0.00243 EPSS
Exploits 1 · References 6

Prion
added 2011/01/18 8:0 p.m. · 16 views

Design/Logic Flaw

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam...

5 CVSS · 7.5 AI score · 0.00155 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2010/11/07 12:0 a.m. · 1 views

PT-2010-4976 · Adobe +1 · Flash Player +1

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 9.0.289.0; Adobe Flash Player versions 10.x prior to 10.1.102.64; Adobe Flash Player version 10.1.95.1 on Android. Description: The issue arises from the improper handling of unspecified encodings during the...

9.3 CVSS · 6.8 AI score · 0.93558 EPSS
Exploits 17 · References 45