Lucene search
K

67 matches found

OSV
OSV
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:2647-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2647-1 advisory. This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on...

9.8CVSS6.8AI score0.02806EPSS
Exploits3References58
OSV
OSV
added 2026/06/26 10:34 a.m.4 views

SUSE-SU-2026:2647-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS6.6AI score0.02806EPSS
Exploits3References39
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:2633-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2633-1 advisory. This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to...

9.8CVSS6.8AI score0.02806EPSS
Exploits3References64
OSV
OSV
added 2026/06/25 1:50 p.m.2 views

OPENSUSE-SU-2026:21058-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS7AI score0.26356EPSS
Exploits3References52
OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02806EPSS
Exploits3References43
OSV
OSV
added 2026/06/25 12:57 p.m.2 views

SUSE-SU-2026:22368-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS7AI score0.26356EPSS
Exploits3References53
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Oracle Linux 9 : samba (ELSA-2026-25049)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25049 advisory. - Security release for CVE-2026-1933 CVE-2026-2340 CVE-2026-3012 CVE-2026-4480 CVE-2026-40170 CVE-2026-4408 - resolves: RHEL-156319 - CVE-2026-1933...

9.8CVSS5.9AI score0.12797EPSS
Exploits10References7
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

RockyLinux 9 : samba (RLSA-2026:25049)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

9.8CVSS6AI score0.12797EPSS
Exploits10References13
OSV
OSV
added 2026/06/11 12:5 p.m.9 views

RLSA-2026:22963 Critical: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

9CVSS6AI score0.12797EPSS
Exploits10References7
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

RockyLinux 10 : samba (RLSA-2026:22963)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

9.8CVSS6.1AI score0.12797EPSS
Exploits10References13
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.74 views

AlmaLinux 9 : samba (ALSA-2026:25049)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

9.8CVSS6.1AI score0.12797EPSS
Exploits10References8
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

AlmaLinux 10 : samba (ALSA-2026:22963)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

9.8CVSS6.1AI score0.12797EPSS
Exploits10References8
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.10 views

ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

7.5CVSS5.9AI score0.00776EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.12 views

Critical: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6.1AI score0.12797EPSS
Exploits10References7
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/05/25 10:58 a.m.18 views

USN-8300-1: ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5CVSS5.9AI score0.00776EPSS
Exploits1
OSV
OSV
added 2026/05/25 10:58 a.m.9 views

USN-8300-1 ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5CVSS5.9AI score0.00776EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/05/21 10:58 a.m.6 views

curl: CVE-2026-9545: exposing HTTP/3 early data

Summary: When the ngtcp2 HTTP/3 backend reuses a TLS session that advertises early data support, cfngtcp2onsessionreuse initializes the HTTP/3 connection state and marks the connection filter as connected before the new QUIC/TLS handshake has completed. The request send path can then reach...

7.5CVSS6AI score0.00408EPSS
Exploits1
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-426 When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool...

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

5.9CVSS5.8AI score0.00227EPSS
Exploits0References4
Rows per page
Query Builder