Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the H264 stateless decoder’s “smatch” warning. A “smatch static checker” warning has been fixed in vdech264reqif.c. This issue causes the kernel to crash when fb is NULL...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the VP8 stateless decoder’s “smatch” warning. A “smatch” static checker warning was also fixed in vdecvp8reqif.c. This issue causes the kernel to crash when fb is set to NULL...

EUVD-2026-36462

Netty: QUIC stateless reset token material exposed through header-visible connection IDs...

GHSA-CQ4Q-CV5G-R8Q5 Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

UBUNTU-CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

CVE-2026-50009

Netty QUIC (prior to 4.2.15.Final) exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. An on-path attacker observing QUIC headers after a source-CID rotation can derive the server’s current source-CID reset to...

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

Linux Distros Unpatched Vulnerability : CVE-2026-50009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset...

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-4.fc43

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 42 Update: rust-sequoia-sop-0.37.3-3.fc42

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-3.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

Transient Turn Injection: Exposing Stateless Multi-Turn Vulnerabilities in Large Language Models

Large language models LLMs are increasingly integrated into sensitive workflows, raising the stakes for adversarial robustness and safety. This paper introduces Transient Turn InjectionTTI, a new multi-turn attack technique that systematically exploits stateless moderation by distributing...

UBUNTU-CVE-2026-5446

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

PT-2026-31736

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay

Executive Overview Advanced persistent threats APTs are constantly and consistently changing tactics as network defenders plug holes in defenses. Static indicators of compromise IoCs for the BPFDoor have been widely deployed, forcing threat actors to get creative in their use of this particular...