openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20834-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20834-1 advisory. Changes in apptainer: - Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833,...

CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5

CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...

CVE-2026-46597 affecting package telegraf for versions less than 1.31.0-21

CVE-2026-46597 affecting package telegraf for versions less than 1.31.0-21. A patched version of the package is available...

CVE-2026-46597 affecting package docker-buildx for versions less than 0.14.0-13

CVE-2026-46597 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...

CVE-2026-46597 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-route53recoverycontrolconfig-fips, crossplane-aws-provider, crossplane-provider-aws-cloudtrail-fips, frankenphp-8.2, crossplane, mods, kubernetes-dashboard, crossplane-provider-aws-lambda, crossplane-provider-azure-servicebus,...

SUSE CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597

creationtimestamp| type| source ---|---|--- 2026-05-22 06:16:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmgbwgulo32c...

DEBIAN-CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

UBUNTU-CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-46597

CVE-2026-46597 describes an incorrectly placed cast from bytes to int that can cause a server-side panic in the AES-GCM packet decoder when processing crafted inputs. The entry lists high availability impact with network-based exploitability and no privileges required, but the provided documents ...

CVE-2025-46597

creationtimestamp| type| source ---|---|--- 2025-10-25 22:57:52+00:00| seen| https://bsky.app/profile/earlybirdsinvest.bsky.social/post/3m42igc6k2b2t 2026-03-23 15:00:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqd7rymcj2h...

CVE-2024-46597

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2022-46597

TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sysservice parameter in the setupwizardmydlink sub4104B8 function...

CVE-2022-46597

creationtimestamp| type| source ---|---|--- 2025-04-11 16:51:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11461...

CVE-2024-46597

creationtimestamp| type| source ---|---|--- 2024-09-18 17:35:15+00:00| seen| https://t.me/cvedetector/5986...

CVE-2024-46597

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2024-46597

The CVE covers the DrayTek Vigor 3910, affected by a buffer overflow in the sPubKey parameter of dialin.cgi on firmware v4.3.2.6. The root cause is improper input length validation for sPubKey, enabling a crafted input to cause a Denial of Service. No exploitation details or mitigations are provi...