SUSE-SU-2026:21879-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback execution bsc1259767...

RLSA-2026:15968 Moderate: libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

ALPINE-CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

MiracleLinux 9 : conmon-2.1.7-1.el9 (AXSA:2023-5520:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5520:02 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 Tenable has extracted the preceding description block...

EUVD-2018-18903

Malware in sbrugna...

CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

DEBIAN-CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

Important: nodejs20

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...

RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

Denial Of Service (DoS)

Golang.org/x/net is vulnerable to Denial of Service DoS. This vulnerability exists due to a flaw which allows a user to send a request, and quickly cancel it. The http2.Server.MaxConcurrentStreams limits the amount of allowed inflight requests, but does not handle the situation of resetting the...

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update

A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2485-1 [email protected] https://www.debian.org/lts/security/ Brian May December 09, 2020 https://wiki.debian.org/LTS -...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2018:1918-1)

This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed : - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http...

nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

openSUSE Security Update : nodejs8 (openSUSE-2018-724)

This update for nodejs8 to version 8.11.3 fixes the following issues : These security issues were fixed : - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the htt...

Security update for nodejs8 (moderate)

This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http2...

SUSE-SU-2018:1918-1 Security update for nodejs8

This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http2...

DEBIAN-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...