Characterizing and Modeling the GitHub Security Advisories Review Pipeline

GitHub Security Advisories GHSA have become a central component of open-source vulnerability disclosure and are widely used by developers and security tools. A distinctive feature of GHSA is that only a fraction of advisories are reviewed by GitHub, while the mechanisms associated with this revie...

GO-2026-4322 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik...

CVE-2026-22045 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

CVE-2026-22045

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

CVE-2026-22045

Summary: CVE-2026-22045 affects Traefik’s ACME TLS-ALPN fast path. When ACME TLS challenge is enabled, an unauthenticated client can open many connections and stall the ClientHello with acme-tls/1, causing goroutines and file descriptors to be tied up indefinitely and leading to DoS at the entryp...

PT-2025-40976

Name of the Vulnerable Software and Affected Versions Tenda AC20 versions up to 16.03.08.12 Description A flaw exists in Tenda AC20 that allows remote attackers to trigger a buffer overflow. The issue is located in the sscanf function within the /goform/fast setting wifi set file. The timeZone...

Kudzu: Fast and Simple High-Throughput BFT

We present Kudzu, a high-throughput atomic broadcast protocol with an integrated fast path. Our contribution is based on the combination of two lines of work. Firstly, our protocol achieves finality in just two rounds of communication if all but $p$ out of $n = 3f + 2p + 1$ participating replicas...

AZL-50979 CVE-2024-47678 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1 host wide ratelimit icmpglobalallow 2 Per destination ratelimit inetpeer based In...

SUSE CVE-2024-44943

In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing trygrabfolio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: 464.325306 WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313...

DEBIAN-CVE-2024-44943

In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing trygrabfolio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: 464.325306 WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313...

SUSE CVE-2024-42148

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FPSBMAXE1x...

DEBIAN-CVE-2024-42148

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FPSBMAXE1x...

PT-2022-34208 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: The issue is related to the RISC-V architecture in the Linux Kernel. It involves the crash kexec function, which has a fast call path that may pose a potential security risk. The actual...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...