377 matches found
GHSA-HPV4-5H6F-WQR3 russh server userauth state is not reset when authentication principal changes
Summary The russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...
PT-2026-45018
Summary The russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not...
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications...
CVE-2026-43493
CVE-2026-43493 affects the Linux kernel crypto/pcrypt code and concerns MAY_BACKLOG handling. MAY_BACKLOG requests could return EBUSY; the fix adds a check for EBUSY and filters out EINPROGRESS notifications, addressing potential processing instability. The vulnerability is resolved in the Linux ...
CVE-2026-43493
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications...
PT-2026-41875
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the pcrypt crypto component regarding the handling of MAY_BACKLOG requests. These requests can return an EBUSY error, which requires proper handling by checking for th...
SUSE CVE-2026-31741
In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix for double invocation of the request function. If a netfs request completes during the pause loop, the reference belonging to the INPROGRESS flag will be removed at that point. However, if the request proceeds to the...
CVE-2026-31741
In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the skip function. An attacker can cause a crash or read unintended memory by providing specially crafted input that triggers an out-of-bounds access. Remediation Upgrade thrift to version 0.23.0 or higher...
EUVD-2026-23362
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
CVE-2026-5807
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
CVE-2026-5807
Vault is vulnerable to a denial-of-service condition: an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot and preventing legitimate operators from completing these workflows. The issue is fixed in...
CVE-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
PT-2026-33406
Name of the Vulnerable Software and Affected Versions Vault Community Edition versions prior to 2.0.0 Vault Enterprise versions prior to 2.0.0 Description An unauthenticated attacker can cause a denial-of-service condition by repeatedly initiating or canceling root token generation or rekey...
Weblate: Improper access control for pending tasks in API
Impact The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. Patches https://github.com/WeblateOrg/weblate/pull/18515 Workarounds The attacker needs to guess the random UUID of the task, so...
GHSA-VJ45-X3PJ-F4W4 Weblate: Improper access control for pending tasks in API
Impact The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. Patches https://github.com/WeblateOrg/weblate/pull/18515 Workarounds The attacker needs to guess the random UUID of the task, so...
CVE-2026-33212
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
EUVD-2026-20513
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to rea...