4639 matches found
MINI-CMQ8-GWH6-V666
Bulletin has no description...
MINI-V73J-P4VP-5WXC
Bulletin has no description...
MINI-F9M9-XJX5-H7XV
Bulletin has no description...
DEBIAN-CVE-2026-56115
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...
DEBIAN-CVE-2026-57062
CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
DEBIAN-CVE-2026-11940
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
DEBIAN-CVE-2026-57053
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...
MINI-476H-33C2-9HWX
Bulletin has no description...
MINI-32G2-CQQW-WF7R
Bulletin has no description...
MINI-QV9H-2GX5-9XQH
Bulletin has no description...
MINI-XXMR-W2V5-PJQ8
Bulletin has no description...
MINI-RVX9-59HC-C84H
Bulletin has no description...
MINI-CMPM-M559-JM96
Bulletin has no description...
RHSA-2026:27804 Red Hat Security Advisory: webkit2gtk3 security update
Bulletin has no description...
DEBIAN-CVE-2026-55655
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...
DEBIAN-CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
DEBIAN-CVE-2026-54278
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...
DEBIAN-CVE-2026-54275
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...
DEBIAN-CVE-2026-54277
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...
MINI-2J2Q-J9JH-5F46
Bulletin has no description...