18 matches found
ALSA-2026:8339 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996); minimatch: Minimatch: Denial of Service via catastrophi...
openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20354-1 advisory. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes...
MiracleLinux 3 : php-5.1.6-43.0.1.AXS3 (AXSA:2014-315:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-315:01 advisory. PHP is an HTML-embedded scripting language that allows developers to write dynamically generated web pages. PHP is ideal for writing database-enabled...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-9858:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9858:01 advisory. golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341); golang: net/http: net/http: sensitive header...
EUVD-2009-2658
Malware in sbrugna...
EUVD-2018-11909
Malware in sbrugna...
EUVD-2013-7060
Malware in sbrugna...
EUVD-2019-11403
Malware in sbrugna...
EUVD-2010-1227
Malware in sbrugna...
EUVD-2023-2523
Malicious code in bioql PyPI...
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2025:02045-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02045-1 advisory. Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process...
CVE-2017-14037
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability...
CVE-2024-43445
A vulnerability exists in OTRS and OTRS Community Edition that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects:...
CVE-2024-51464
IBM i versions 7.3, 7.4, and 7.5 are affected by CVE-2024-51464, a vulnerability that allows bypassing Navigator for i interface restrictions. An authenticated attacker can send a specially crafted request to remotely perform actions the user is not allowed to perform through Navigator for i. The...
SUSE-SU-2023:3823-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. bsc1215026...
SUSE-SU-2023:3692-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. bsc1215026...
PT-2023-21673
Name of the Vulnerable Software and Affected Versions: Rails versions prior to 7.0.5.1; Rails versions prior to 6.1.7.4. Description: The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream...
USN-4532-1 netty-3.9 vulnerabilities
It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2019-16869) It was discovered that Netty incorrectly handled certain...