openSUSE 16 Security Update : perl-HTTP-Tiny (openSUSE-SU-2026:20792-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20792-1 advisory. Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent...

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:1745-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1745-1 advisory. Update to version 2.27. Security issues fixed: - CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

AlmaLinux 8 : php:7.4 (ALSA-2026:2470)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2470 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...

RLSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

EUVD-2017-14592

Malware in sbrugna...

RLSA-2025:7489 Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...

CVE-2025-48074 OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

AlmaLinux 9 : firefox (ALSA-2025:10072)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10072 advisory. firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet...

Medium: php8.2

Issue Overview: Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. CVE-2025-1219...

Amazon Linux 2 : php (ALASPHP8.2-2025-007)

The version of php installed on the remote host is prior to 8.2.28-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-007 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using...

CVE-2025-1736

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

SUSE-SU-2025:0981-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers bsc1238450...

Python Improper Encoding of Output Vulnerability (Feb 2025) - Mac OS X

Python is prone to an improper encoding of output vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

USN-7260-1: OpenRefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

Moderate: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CentOS 8 : Image Builder (CESA-2023:2780)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2780 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...

Security Bulletin: Netcool Operations Insight - Missing or insecure headers

Summary AppScan detected multiple low severity http header issues. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Netcool Operations Insight| 1.4.x Netcool Operations Insight| 1.5.x...

USN-4213-1: Squid vulnerabilities

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...