[SECURITY] Fedora 44 Update: perl-HTTP-Tiny-0.094-1.fc44

This is a very simple HTTP/1.1 client, designed for doing simple GET requests without the overhead of a large framework like LWP::UserAgent. It is more correct and more complete than HTTP::Lite. It supports proxies currently only non-authenticating ones and redirection. It also correctly resumes...

Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to leaking the sensitive Proxy-Authorization header across cross-hostname redirects. An attacker can obtain sensitive proxy credentials by inducing...

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

PT-2026-44093

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

HTTP::Daemon 安全漏洞

HTTP::Daemon is a simple HTTP class developed under the open-source license of libwww-perl. Versions of HTTP::Daemon prior to version 6.17 contained security vulnerabilities. These vulnerabilities stemmed from the use of the Perl’s 2-arg open method to open string parameters, which could lead to ...

Tenable Sensor Proxy < 1.4.0 Multiple Vulnerabilities (TNS-2026-15)

According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-15 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1714)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1714 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of ra...

ALSA-2026:21433 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2026-1758)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1758 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...

Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1724)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1724 advisory. Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes...

Linux Distros Unpatched Vulnerability : CVE-2026-8450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form...

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3314 (ALAS-2026-3314)

The version of httpd installed on the remote host is prior to 2.4.67-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3314 advisory. An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read...

Fedora 44 : perl-HTTP-Tiny (2026-703a749924)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-703a749924 advisory. 0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling CVE-2026-7010 Tenable has extracted the preceding description block...

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-012 (ALASNGINX1-2026-012)

The version of nginx installed on the remote host is prior to 1.30.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-012 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof...

ALSA-2026:21380 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-119 (ALASECS-2026-119)

The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-119 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-119 (ALASDOCKER-2026-119)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-119 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory a...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-116 (ALASECS-2026-116)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-116 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-107 (ALASNITRO-ENCLAVES-2026-107)

The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-107 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can...