[SECURITY] [DLA 4618-1] gsasl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4618-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS -...

BIT-PYTHON-MIN-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

Debian dla-4618 : gsasl - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4618 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4618-1 [email protected] https://www.debian.org/lts/security/...

7-Zip >= 9.34 < 26.01 WIM / Ar SYMDEF OOB Read (GHSL-2026-115_GHSL-2026-122)

The version of 7-Zip installed on the remote Windows host is = 9.34 and prior to 26.01. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read exists in 7-Zip's WIM SecurityId handling, which can lead to a crash when processing a crafted WIM image. CVE-2026-48103 - An...

PT-2026-46970

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

PT-2026-46982

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

Linux Distros Unpatched Vulnerability : CVE-2026-26824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation...

ROOT-APP-NPM-CVE-2023-32695 CVE-2023-32695 in @rootio/socket.io-parser - Patched by Root

Root has patched CVE-2023-32695 in the @rootio/socket.io-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33036 CVE-2026-33036 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33036 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-26278 CVE-2026-26278 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-26278 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-25896 CVE-2026-25896 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25896 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-25128 CVE-2026-25128 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-25128 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

CVE-2026-41207

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

ROOT-APP-NPM-CVE-2024-45590 CVE-2024-45590 in @rootio/body-parser - Patched by Root

Root has patched CVE-2024-45590 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...

EUVD-2026-34307

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...