67 matches found
SUSE-SU-2026:2695-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...
SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:2647-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2647-1 advisory. This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on...
SUSE-SU-2026:2647-1 Security update for nodejs22
This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...
SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:2633-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2633-1 advisory. This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to...
OPENSUSE-SU-2026:21058-1 Security update for nodejs22
This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...
SUSE-SU-2026:2633-1 Security update for nodejs24
This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...
SUSE-SU-2026:22368-1 Security update for nodejs22
This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...
Oracle Linux 9 : samba (ELSA-2026-25049)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25049 advisory. - Security release for CVE-2026-1933 CVE-2026-2340 CVE-2026-3012 CVE-2026-4480 CVE-2026-40170 CVE-2026-4408 - resolves: RHEL-156319 - CVE-2026-1933...
RockyLinux 9 : samba (RLSA-2026:25049)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...
RLSA-2026:22963 Critical: samba security update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...
RockyLinux 10 : samba (RLSA-2026:22963)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...
AlmaLinux 9 : samba (ALSA-2026:25049)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...
AlmaLinux 10 : samba (ALSA-2026:22963)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...
ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake
A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...
Critical: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...
USN-8300-1: ngtcp2 vulnerability
Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...
USN-8300-1 ngtcp2 vulnerability
Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...
curl: CVE-2026-9545: exposing HTTP/3 early data
Summary: When the ngtcp2 HTTP/3 backend reuses a TLS session that advertises early data support, cfngtcp2onsessionreuse initializes the HTTP/3 connection state and marks the connection filter as connected before the new QUIC/TLS handshake has completed. The request send path can then reach...
JLSEC-2026-426 When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool...
When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...