CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerabilities (USN-8354-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8354-1 advisory. It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker coul...

USN-8354-1: nginx vulnerabilities

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...

openSUSE 16 Security Update : nginx (openSUSE-SU-2026:20796-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20796-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is...

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-012 (ALASNGINX1-2026-012)

The version of nginx installed on the remote host is prior to 1.30.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-012 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1714)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1714 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of ra...

glibc: glibc: Denial of Service via iconv() function with specific character sets

A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the iconv function. This could lead to an assertion failure, causing the application to crash and resulting in a...

Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

MGASA-2026-0156 Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

Important: nginx

Issue Overview: When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are...

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2050-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2050-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...

Security update for nginx

This update for nginx fixes the following issues CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. CVE-2026-40701: heap...

SUSE-SU-2026:2050-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

OPENSUSE-SU-2026:20796-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

SUSE CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-42934

A flaw was found in the ngxhttpcharsetmodule module of NGINX. When charset, sourcecharset, charsetmap and proxypass with disabled buffering "off" directives are configured, an unauthenticated attacker can send crafted requests and cause a heap-based buffer over-read in the worker process, resulti...

CVE-2026-44070

A flaw was found in Netatalk. An attacker with low privileges could exploit an unbounded reallocation realloc vulnerability during charset conversion. This could lead to a Denial of Service DoS due to excessive memory consumption...

CVE-2026-44049

A flaw was found in Netatalk. A remote attacker could exploit an out-of-bounds write vulnerability within the convertcharset function. This issue, caused by improper null termination, allows an attacker to write data beyond the allocated memory buffer. Successful exploitation could lead to...

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-44062

A missing output length bounds check in pullcharsetflags in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data...