ROOT-OS-UBUNTU-2404-CVE-2025-40170 CVE-2025-40170 in rootio-linux - Patched by Root
Root has patched CVE-2025-40170 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-40170 CVE-2025-40170 in rootio-linux - Patched by Root
Root has patched CVE-2025-40170 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2025-40170 CVE-2025-40170 in rootio-linux - Patched by Root
Root has patched CVE-2025-40170 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2025-40170 CVE-2025-40170 in rootio-linux - Patched by Root
Root has patched CVE-2025-40170 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Critical: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 9 : kernel-rt (RHSA-2026:26462)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26462 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
RockyLinux 9 : samba (RLSA-2026:25049)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfs_worm does not block directory modification CVE-2026-2340 samba: group...
samba security update
An update is available for samba. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Samba is an open-source implementation of the Server Message Block (SMB) protoco...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: ngtcp2
Issue Overview: ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently...
Amazon Linux 2023 : ngtcp2, ngtcp2-crypto-gnutls, ngtcp2-crypto-gnutls-devel (ALAS2023-2026-1633)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1633 advisory. ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer...
Fedora 44 : ngtcp2 (2026-705eb9cf95)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-705eb9cf95 advisory. Update to 1.22.1 rhbz2452790 - Fixes CVE-2026-40170 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Fedora 43 : ngtcp2 (2026-a0f25484e9)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a0f25484e9 advisory. Update to 1.22.1 rhbz2452790 - Fixes CVE-2026-40170 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
libngtcp2-16-1.22.1-1.1 on GA media (moderate)
libngtcp2-16-1.22.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10621-1 Rating: moderate Cross-References: CVE-2026-40170 CVSS scores: CVE-2026-40170 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-40170 SUSE : 8.7...
Debian dsa-6222 : libngtcp2-16 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6222 advisory. Debian Security Advisory DSA-6222-1 https://www.debian.org/security/...
CVE-2026-40170
creationtimestamp | type | source
---|---|---
2026-04-16 23:18:23+00:00 | published-proof-of-concept | Telegram/x6U1CUbtpfWdw00zGhzow4OOkK7AiEHUVbiM6o3SMYH6zs0
2026-04-17 00:03:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjnmqlsfem26
2026-04-17 17:12:30+00:00 | seen | ...
CVE-2026-40170
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...
MiracleLinux 9 : kernel-5.14.0-611.30.1.el9_7 (AXSA:2026-192:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-192:12 advisory. kernel: net: openvswitch: fix nested key length validation in the set action CVE-2025-37789 kernel: Linux kernel: irqchip/gic-v2m use-after-free...