
37 matches found

Fedora
added 2026/04/28 1:35 a.m., 2 views

[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44

"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...

CVSS 7.5, AI score 5.2, EPSS 0.00023
Exploits 1

Tenable Nessus
added 2026/04/28 12:0 a.m., 0 views

Fedora 43 : ngtcp2 (2026-a0f25484e9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a0f25484e9 advisory. Update to 1.22.1 rhbz2452790 - Fixes CVE-2026-40170. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CVSS 7.5, AI score 5.4, EPSS 0.00023
Exploits 1, References 2

Tenable Nessus
added 2026/04/28 12:0 a.m., 1 views

Fedora 44 : ngtcp2 (2026-705eb9cf95)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-705eb9cf95 advisory. Update to 1.22.1 rhbz2452790 - Fixes CVE-2026-40170. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CVSS 7.5, AI score 5.4, EPSS 0.00023
Exploits 1, References 2

OSV
added 2026/04/26 12:0 a.m., 0 views

OPENSUSE-SU-2026:10621-1 libngtcp2-16-1.22.1-1.1 on GA media

These are all security issues fixed in the libngtcp2-16-1.22.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 5.3, EPSS 0.00023
Exploits 1, References 1

Cvelist
added 2026/04/22 8:31 p.m., 23 views

CVE-2026-41166 OpenRemote has Improper Access Control via updateUserRealmRoles function

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...

CVSS 7, EPSS 0.00016
Exploits 1, References 2

CVE
added 2026/04/22 8:31 p.m., 6 views

CVE-2026-41166

Summary of CVE-2026-41166 : OpenRemote prior to v1.22.1 allows a user with the OpenRemote Keycloak realm role write:admin in one realm to call the Manager API and update realm roles for users in a different realm, including the master realm. The underlying issue is that the handler uses the {real...

CVSS 7, AI score 5.7, EPSS 0.00016
Exploits 1, References 2, Affected Software 1

Snyk
added 2026/04/22 2:38 p.m., 4 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass via the updateUserRealmRoles function. An attacker can escalate privileges by invoking the API with a valid token from one realm to modify user roles in another realm, potentially granting administrative access to...

CVSS 8.3, AI score 5.8, EPSS 0.00016
Exploits 1, References 2

OSV
added 2026/04/18 12:0 a.m., 0 views

OPENSUSE-SU-2026:10577-1 skopeo-1.22.1-1.1 on GA media

These are all security issues fixed in the skopeo-1.22.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 6.4, EPSS 0.00035
Exploits 0, References 1

SUSE CVE
added 2026/04/17 11:25 p.m., 1 views

SUSE CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, AI score 6, EPSS 0.00023
Exploits 1, References 3

NVD
added 2026/04/16 10:16 p.m., 1 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, EPSS 0.00023
Exploits 1, References 3

AlpineLinux
added 2026/04/16 9:34 p.m., 0 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, AI score 5.7, EPSS 0.00023
Exploits 1, References 3

CVE
added 2026/04/16 9:34 p.m., 23 views

CVE-2026-40170

ngtcp2 (QUIC) vulnerability: in versions before 1.22.1, ngtcp2_qlog_parameters_set_transport_params() writes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking, enabling a stack buffer overflow when qlog is enabled and large untrusted parameters are received dur...

CVSS 7.5, AI score 6.1, EPSS 0.00023
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2026/04/16 9:34 p.m., 0 views

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, AI score 6, EPSS 0.00023
Exploits 1, References 2

EUVD
added 2026/04/16 9:34 p.m., 1 views

EUVD-2026-23302

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, AI score 6.1, EPSS 0.00023
Exploits 1, References 2

Debian CVE
added 2026/04/16 9:34 p.m., 1 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, AI score 5.7, EPSS 0.00023
Exploits 1

CNNVD
added 2026/04/16 12:0 a.m., 4 views

ngtcp2 security vulnerability

ngtcp2 is an open-source library developed by ngtcp2. Versions of ngtcp2 prior to 1.22.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that when qlog was enabled, the ngtcp2_qlog_parameters_set_transport_params function serialized transport parameters into a fixed-siz...

CVSS 7.5, AI score 6.1, EPSS 0.00023
Exploits 1, References 2

Positive Technologies
added 2026/04/16 12:0 a.m., 0 views

PT-2026-33369

Name of the Vulnerable Software and Affected Versions: ngtcp2 versions prior to 1.22.1. Description: The ngtcp2_qlog_parameters_set_transport_params function serializes peer transport parameters into a fixed 1024-byte stack buffer without performing bounds checking. When qlog is enabled, a remote pe...

CVSS 7.5, AI score 6.1, EPSS 0.00023
Exploits 1, References 26

CBLMariner
added 2026/03/30 3:47 p.m., 2 views

CVE-2026-27654 affecting package nginx for versions less than 1.22.1-16

CVE-2026-27654 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...

CVSS 8.8, AI score 5.8, EPSS 0.00021
Exploits 0

OSV
added 2026/02/04 3:16 p.m., 1 views

AZL-76745 CVE-2026-1642 affecting package nginx for versions less than 1.22.1-15

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

CVSS 8.2, AI score 5.8, EPSS 0.00021
Exploits 0, References 1

OPENSUSE Linux
added 2025/12/10 12:0 a.m., 4 views

krb5-1.22.1-1.1 on GA media (moderate)

krb5-1.22.1-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15803-1. Rating: moderate. Cross-References: CVE-2025-57736. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the krb5-1.22.1-1.1...

AI score 7.2
Exploits 0