Linux Distros Unpatched Vulnerability : CVE-2026-43483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM...

GHSA-57RV-R2G8-2CJ3 Netty has HttpClientCodec response desynchronization

Summary If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's. Details HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD a...

Netty has HttpClientCodec response desynchronization

Summary If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's. Details HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD a...

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

GHSA-FP55-JW48-C537 astral-tokio-tar is Vulnerable to PAX Header Desynchronization

Impact Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...

PT-2026-37246

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Request-line validation can be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created and its URI is subsequently modified using the setUri...

PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

RUSTSEC-2026-0112 PAX Header Desynchronization in astral-tokio-tar

Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...

CVE-2026-5942 Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability

Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...

CVE-2026-5942

CVE-2026-5942 affects Foxit PDF Editor/Reader with an AcroForm Signature Use-After-Free vulnerability. Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the applicat...

OESA-2026-2084 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

OESA-2026-2083 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

openSUSE 16 Security Update : haproxy (openSUSE-SU-2026:20618-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20618-1 advisory. Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626. Tenable has...

SUSE-SU-2026:1568-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103...

Security update for haproxy

This update for haproxy fixes the following issue: CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

OPENSUSE-SU-2026:20618-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

SUSE-SU-2026:21353-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

SUSE-SU-2026:21280-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...