4601 matches found
BELL-CVE-2026-46235
Bulletin has no description...
SUSE CVE-2026-46128
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...
RLSA-2026:20611 Important: gnutls security update
Please update the gnutls packages to provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassemb...
MiracleLinux 8 : gnutls-3.6.16-8.el8_10.6.ML.1 (AXSA:2026-729:16)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-729:16 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...
RockyLinux 8 : gnutls (RLSA-2026:20611)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20611 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...
CVE-2026-46128
A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI subsystem. This vulnerability occurs when the kernel processes event message buffer responses from Baseboard Management Controllers BMCs. Some BMCs may return an empty message instead of an expected error, which...
symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...
CVE-2026-35672
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
[SECURITY] [DLA 4605-1] python-flask-httpauth security update
Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 28, 2026 https://wiki.debian.org/LTS Package : python-flask-httpauth Version : 3.2.4-3.1+deb11u1 CVE ID : CVE-2026-34531 Debian Bug : 1132581 A vulnerability was found in...
CVE-2026-35672 phpMyFAQ - Authentication Bypass via Empty API Token
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
CVE-2026-35672
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
CVE-2026-35672
CVE-2026-35672 affects phpMyFAQ prior to 4.1.3 where the default API client token is an empty string. The authentication check compares the configured token to the request header x-pmf-token and uses strict inequality; if the header is empty, authentication is bypassed. This allows unauthenticate...
EUVD-2026-32903
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
CVE-2026-35672 phpMyFAQ - Authentication Bypass via Empty API Token
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
DEBIAN-CVE-2026-46184
In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...
DEBIAN-CVE-2026-46155
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...
CVE-2026-46128
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...
EUVD-2026-32887
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...
CVE-2026-46128 ipmi: Check event message buffer response for bad data
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...
CVE-2026-46128
In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...