27303 matches found
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017525)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017525 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unkno...
RockyLinux 9 : freeipmi (RLSA-2026:14819)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:14819 advisory. freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 Tenable has extracted the preceding description block directly from the RockyLinux...
PT-2026-39594
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm handle pdu session modification qos flow descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be...
UBUNTU-CVE-2026-42257
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...
CVE-2026-42245
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...
SUSE CVE-2011-2663
Array index error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message...
SUSE CVE-2026-44742
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...
DEBIAN-CVE-2026-6665
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
CVE-2026-6665
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
CVE-2026-43455
A flaw was found in the Linux kernel's Message Control Transport Protocol MCTP module. A race condition exists in the mctpflowprepareoutput function where a lock is not properly held during a critical check-and-set operation. This can lead to multiple device references being acquired without prop...
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
CVE-2026-6665
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
CVE-2026-6665
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
CVE-2026-6665
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
CVE-2026-6665 PgBouncer buffer overflow in SCRAM
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
EUVD-2026-28877
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...
PT-2026-39227
Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description The SCRAM code fails to correctly check the return value of the strlcat function when constructing the SCRAM client-final-message. A malicious backend can trigger a stack overflow by sending a SCR...
CVE-2026-43428
A flaw was found in the Linux kernel's USB core. The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs allow for unlimited timeout durations. These APIs use uninterruptible waits, which can cause a task to hang indefinitely. This can lead to a denial of service DoS as the task cannot be...
GHSA-G47V-RWMH-R9F8 eml_parser has recursion DoS via nested message/rfc822 attachments
Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...