CVE-2026-46291

Publié : 8 juin 2026

Modifié : 8 juin 2026

Description détaillée

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in hash_digest_key() to avoid leaking secrets at runtime when CONFIG_DYNAMIC_DEBUG is enabled.

Références et Patchs

https://git.kernel.org/stable/c/177730a273b18e195263ed953853273e901b5064 https://git.kernel.org/stable/c/2adbfca7452eeac45117b8e803288a2767f7075f https://git.kernel.org/stable/c/5cffe3c136891aa4d579bf5c079a68f7cb371b0c https://git.kernel.org/stable/c/b8f12d9b00c1950779e5679b9c13908584682bb6 https://git.kernel.org/stable/c/c7e52fe3f7901ccb9cd29b3f7c683d809ba87e48

Dernières Vulnérabilités

CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

VOIR DÉTAILS

CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

VOIR DÉTAILS

CVE-2026-11585

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

VOIR DÉTAILS