20 matches found
Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). CVE-2026-21716: incomplete fix for CVE-2024-36137...
SUSE-SU-2026:1509-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). - CVE-2026-21716: incomplete fix for...
SUSE-SU-2026:1371-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). - CVE-2026-21716: incomplete fix for...
SUSE-SU-2026:1363-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). - CVE-2026-21716: incomplete fix for...
CVE-2026-23886 Swift W3C TraceContext has malformed HTTP header that can cause a crash
Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol (OTLP) backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...
Linux Distros Unpatched Vulnerability : CVE-2021-33056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. CVE-2021-33056 Note that Ness...
Linux Distros Unpatched Vulnerability : CVE-2017-14098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could...
TencentOS Server 2: httpd (TSSA-2025:0526)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0526 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...
PT-2025-54579
Name of the Vulnerable Software and Affected Versions: Node.js version 24. Description: A memory leak exists in Node.js’s OpenSSL integration when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. Calling socket.getPeerCertificate(true) causes a memory leak for each...
OESA-2024-2470 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5...
SUSE CVE-2005-1043
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion...
SUSE CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header...
SUSE-SU-2018:1161-2 Security update for apache2
This update for apache2 fixes the following issues: CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814)...
USN-3340-1 apache2 vulnerabilities
Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. (CVE-2017-3167) Vasileios...
rpm: improper validation of header contents total size in headerLoad()
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header...
RHEL 2.1 : pan (RHSA-2003:312)
Updated Pan packages that close a denial of service vulnerability are now available. Pan is a Gnome/GTK+ newsreader. A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing an article header containing a very long author email address. This bug causes a denial of service crash,...
webxdos.txt
Web Crossing 4.x/5.x Denial of Service Vulnerability Credit: Author : Peter Winter-Smith Software: Package : Web Crossing Versions : 4.x/5.x Vendor : WebCrossing, Inc. Vendor Url : http://www.webcrossing.com/ Vulnerability: Bug Type : Denial of Service Severity : Less Critical 1. Description of...
Pegasus Mail 4.0 1 - Message Header Buffer Overflow
Pegasus Mail 4.0 1 - Message Header Buffer Overflow source: https://www.securityfocus.com/bid/5302/info Pegasus Mail is an email client for Microsoft Windows and DOS based systems. A buffer overflow vulnerability has been reported in some versions of Pegasus Mail. Reportedly, Pegasus is vulnerabl...
Misformatted message header causes msn messenger to crash
Introduction to the flaw. Msn Messenger is a popular Instant-Messaging client from Microsoft. After the previous flaws regarding the privacy of users another flaw is discovered. This flaw makes the msn messenger client crash after receiving a misformatted font variable in the message header with...