1498 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : curl vulnerabilities (USN-8525-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8525-1 advisory. Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP...
RockyLinux 9 : nginx:1.26 (RLSA-2026:36639)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36639 advisory. nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes and Enhancements:...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...
Important: Red Hat Security Advisory: nginx:1.24 security, bug fix, and enhancement update
An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RockyLinux 9 : nginx:1.24 (RLSA-2026:36618)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36618 advisory. nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers CVE-2026-42055 Bug Fixes and Enhancements:...
ROOT-APP-MAVEN-CVE-2026-48043 CVE-2026-48043 in io.root.io.netty:netty-codec-http2 - Patched by Root
Root has patched CVE-2026-48043 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-33871 CVE-2026-33871 in io.root.io.netty:netty-codec-http2 - Patched by Root
Root has patched CVE-2026-33871 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-47244 CVE-2026-47244 in io.root.io.netty:netty-codec-http2 - Patched by Root
Root has patched CVE-2026-47244 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-55163 CVE-2025-55163 in io.root.io.netty:netty-codec-http2 - Patched by Root
Root has patched CVE-2025-55163 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...
OESA-2026-2821 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
OESA-2026-2820 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
SUSE-SU-2026:2759-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...
ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
ALPINE-CVE-2026-10536
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...
ROOT-APP-MAVEN-CVE-2025-1948 CVE-2025-1948 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2025-1948 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-5115 CVE-2025-5115 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root
Root has patched CVE-2025-5115 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...
OPENSUSE-SU-2026:21213-1 Security update for containerd
This update for containerd fixes the following issues Update to 1.7.33: - CVE-2024-25621: overly broad default permission vulnerability bsc1253126. - CVE-2025-64329: goroutine leaks can lead to memory exhaustion on the host bsc1253132. - CVE-2026-33186: google.golang.org/grpc: authorization bypas...
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...
CVE-2026-54428
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...
UBUNTU-CVE-2026-54428
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...