1375 matches found
CVE-2026-43247
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...
CVE-2026-43247
CVE-2026-43247 affects the Linux kernel media driver for wave5 (chips-media). The issue causes a kernel panic triggered by an asynchronous SError interrupt when the system enters suspend mode due to an autosuspend delay timeout, leading to an unresponsive system (DoS-like impact). The vulnerabili...
Hashicorp Boundary workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes
Boundary Community Edition and Boundary Enterprise "Boundary" workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the TLS handshake process. An attacker can cause worker connection handling to block by opening a connection to the authentication listener and delaying or withholding the client...
CVE-2026-7776
Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...
Wireshark 2.0.x < 2.0.8 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.8 advisory. - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion,...
[SECURITY] Fedora 44 Update: libcgif-0.5.3-1.fc44
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
PT-2026-35063
Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description 4ga Boards is a boards system for realtime project management. The software allows user enumeration through a timing side-channel in the login endpoint '/api/access-tokens'. The server responds...
SUSE CVE-2026-33595
A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...
CVE-2026-31501 net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5hdescgetpsdata returns a pointer into the CPPI descriptor. In both emacrxpacket and emacrxpacketzc, the descriptor is freed via k3cppidescpoolfree befor...
CVE-2026-39396
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...
BIT-AUTHENTIK-2025-64708 authentik invitation expiry is delayed by at least 5 minutes
authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...
ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
Summary The password reset endpoint /api/v1/@apostrophecms/login/reset-request exhibits a measurable timing side channel that allows unauthenticated attackers to enumerate valid usernames and email addresses. When a user is not found, the handler returns after a fixed 2-second artificial delay, b...
GHSA-MJ7R-X3H3-7RMR ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
Summary The password reset endpoint /api/v1/@apostrophecms/login/reset-request exhibits a measurable timing side channel that allows unauthenticated attackers to enumerate valid usernames and email addresses. When a user is not found, the handler returns after a fixed 2-second artificial delay, b...
Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255235. CVE-2025-39973: i40e: add validation for ringlen param...
[SECURITY] Fedora 42 Update: libcgif-0.5.3-1.fc42
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
GHSA-7789-65HX-F26W FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel
Summary The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...
FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel
Summary The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...
PT-2026-25723
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...
Unbreakable Enterprise kernel security update
5.4.17-2136.353.3 - xfrm: flush all states in xfrmstatefini Sabrina Dubroca Orabug: 38934000 - xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added Sabrina Dubroca Orabug: 38934000 - Revert 'xfrm: destroy xfrmstate synchronously on net exit path' Sabrina Dubroca...