Security update for netty
This update for netty fixes the following issues: CVE-2025-55163: Fixed "MadeYouReset" DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:03021-1 Security update for netty
This update for netty fixes the following issues: - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991...
CVE-2025-55763
CVE-2025-55763 describes a buffer overflow in CivetWeb’s URI parser (versions 1.14–1.16) that can be triggered by a crafted HTTP request, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service by corrupting heap memory during request processing. The connecte...
Turndown security vulnerability
Turndown is an open-source HTML to Markdown converter by mixmark-io. A security vulnerability exists in Turndown 7.2.1 and earlier versions, which stems from an inefficient regular expression in the file src/commonmark-rules.js that could lead to a denial-of-service attack...
CVE-2025-55618
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads into the profile name field in the navigation app, which then get rendered...
CLSA-2025-1756323821 php: Fix of CVE-2025-1736
CVE-2025-1736: fix incorrect validation of CRLF in http headers...
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS bsc1244252 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
Security update for tomcat11
This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.10 - CVE-2025-48989: Fixed "MadeYouReset" DoS in HTTP/2 due to client triggered stream reset bsc1243895 Other fixes: Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one...
CVE-2025-55618
CVE-2025-55618 describes an HTML injection in Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d where an attacker can inject payloads into the profile name field that are rendered by the app. The NVD entry lists CVSSv3.1: 7.3 (High) with network attack vector, no privileges required, and no use...
Linux Distros Unpatched Vulnerability : CVE-2019-20041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as...
Linux Distros Unpatched Vulnerability : CVE-2024-55918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML...
Linux Distros Unpatched Vulnerability : CVE-2021-21333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In...
CVE-2025-35115 Agiloft insecure download of system packages
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a man-in-the-middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
jsPDF Denial of Service (DoS)
Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...
CVE-2025-52217
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...
CVE-2025-52217
The CVE-2025-52217 vulnerability affects SelectZero Data Observability Platform prior to version 2025.5.2. The issue stems from improper handling of user-supplied input in legacy UI fields, enabling HTML injection. Impact is HTML injection via these UI components; attack vector is user interactio...
CVE-2025-52219
CVE-2025-52219 affects SelectZero Data Observability Platform older than 2025.5.2, where an Open Redirect vulnerability exists due to legacy UI fields allowing arbitrary external links via HTML Injection. Affected component is the web UI frontend, with the root cause described as an open redirect...