326 matches found
qemu-kvm security update
An update is available for qemu-kvm. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM is a full virtualization solution for Linu...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39821)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39821 advisory. - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to ...
symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...
GHSA-2XF4-CG6J-VHGQ symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...
SUSE CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
...
Linux Distros Unpatched Vulnerability : CVE-2026-39821
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII- only label. For example, ToUnicodexn--example-.com...
Incorrect Comparison
Overview Affected versions of this package are vulnerable to Incorrect Comparison in the process function in Idn.php, which does not necessarily treat xn-- labeled input as punycode, if it contains only ASCII. This case was overlooked in the specification until UTS 46 revision 33, when it was...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...
DEBIAN-CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
UBUNTU-CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821
CVE-2026-39821 affects golang.org/x/net/idna; ToASCII/ToUnicode incorrectly accept Punycode-encoded labels that decode to ASCII-only labels (e.g., xn--example-.com). The issue can enable privilege escalation in programs that validate ASCII hostnames but later convert to Unicode, potentially grant...
EUVD-2026-31449
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...