openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20845-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20845-1 advisory. This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections...

Security update for libsoup (important)

openSUSE security update: security update for libsoup ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20845-1 Rating: important References: bsc1259767 Cross-References: CVE-2026-4271 CVSS scores: CVE-2026-4271 SUSE : 8.6...

OPENSUSE-SU-2026:20845-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback execution bsc1259767...

JLSEC-2026-416 When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of...

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1404)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1404 advisory. Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using th...

EUVD-2022-6436

Malicious code in bioql PyPI...

EUVD-2025-10901

Malicious code in bioql PyPI...

EUVD-2024-27350

Malicious code in bioql PyPI...

TencentOS Server 3: curl (TSSA-2024:0408)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0408 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: nodejs (TSSA-2024:0613)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0613 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

K000151779: Node.js vulnerabilities CVE-2025-23083 and CVE-2025-23085

Security Advisory Description CVE-2025-23083 With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be...

CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

CVE-2025-32908

Affects libsoup3: the HTTP/2 server may not fully validate pseudo-headers (:scheme, :authority, :path), enabling potential DoS by crafted requests. Public disclosures span Fedora advisories and Amazon Linux ALAS entries, which indicate a need to upgrade to a patched libsoup3 version (e.g., 3.6.5 ...

CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

CVE-2025-32908 Libsoup: denial of service on libsoup through http/2 server

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

Linux Distros Unpatched Vulnerability : CVE-2023-39325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. Vulnerability Details CVEID:CVE-2025-23085 DESCRIPTION: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header wa...

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...

BIT-NODE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...