Security update for apache2

This update for apache2 fixes the following issues CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163...

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

CVE-2025-14341

DivvyDrive Information Technologies’ DivvyDrive contains a vulnerability (CVE-2025-14341) due to improperly controlled modification of dynamically-determined object attributes, causing Excessive Allocation/Resource Flooding. Affected versions are 4.8.2.19 prior to 4.8.3.2. The issue has NETWORK a...

CVE-2025-6016 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

Security Bulletin: IBM Security Directory Suite is affected by multiple vulnerabilities (CVE-2025-48976, CVE-2025-36047, CVE-2025-53066, CVE-2025-53057)

Summary IBM Security Directory Suite is affected by WebSphere Liberty vulnerabilities CVE‑2025‑48976, CVE‑2025‑36047 and Java vulnerabilities CVE‑2025‑53066, CVE‑2025‑53057. These vulnerabilities have been addressed with an update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

CVE-2025-12562 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

Security Bulletin: Allocation of resources without limits, heap-buffer-overread, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency service is vulnerable to allocation of resources without limits, heap-buffer-overread, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability...

OESA-2025-2369 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Allocation of Resources Without Limits or Throttling...

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities.

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a multiple vulnerabilities. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability ...

Apache Tomcat 11.0.0.M1 < 11.0.8 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.8security-11 advisory. - Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the...

Security Bulletin: IBM Rhapsody Systems Engineering is using next-14.2.15.tgz which is vulnerable to CVE-2024-56332

Summary A security vulnerability was identified in the Next.js package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Following IBM® Engineering Lifecycle Engineering product is...

CVE-2025-30409

CVE-2025-30409 affects Acronis Cyber Protect Cloud Agent (Windows) prior to build 39904. The issue is a denial of service caused by allocation of resources without limits, leading to availability impact as described in multiple feeds. The Red Hat, NVD, and CVE records consistently cite this vulne...

CVE-2023-51393

Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 delivered as part of Silicon Labs Gecko SDK v4.4.0 which may enable attackers to trigger a bus fault and crash of the device, requiring a...