12640 matches found
CVE-2026-9262
CVE-2026-9262 affects Canon EOS Network Setting Tool (Version 1.5.0 or earlier). The issue is the use of a non-secure protocol by default in FTP configuration. Reported CVSS metrics indicate a Network attack with high confidentiality impact (CVSS 3.1: 6.5 base, MEDIUM) and a notable impact under ...
CVE-2026-9262
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
EUVD-2026-36459
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a weak 32-bit hash in the HttpTransferCache. When a victim visits a crafted link containing the colliding parameter, the SSR process executes both the search request and the profile request. Due to the...
@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...
GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...
@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...
GHSA-Q6F4-QQRG-JV6X @angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...
Modification of Assumed-Immutable Data
Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...
Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...
GHSA-RGJC-H3X7-9MWG Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...
PT-2026-49548
Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software uses a non-secure protocol as the default FTP configuration, which may allow sensitive data to be transmitted without encryption. Recommendations Update to a versi...
Important: postfix security update
The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...
RHEL 8 : postfix (RHSA-2026:25932)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25932 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffe...
ALSA-2026:25932 Important: postfix security update
The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...
Fedora 44 : bind9-next (2026-dbb0776ac5)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dbb0776ac5 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...
SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2347-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2347-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improp...
SUSE CVE-2026-46433
lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...
Updated packages fix security vulnerabilities
CVE-2026-49261 MariaDB server has unsafe parameter handling in wsrepnotifycmd CVE-2026-48165 MariaDB: unsafe usage of wsrepsstreceiveaddress values on the joiner side CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side rsync...
EUVD-2026-36606
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...