pyasn1 has a DoS vulnerability in decoder
Summary: After reviewing pyasn1 v0.6.1, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. Details: The integer issue can be found in the decoder as reloid += ((subId << 7) + nextSubId,):...
GHSA-63VM-454H-VHHQ pyasn1 has a DoS vulnerability in decoder
Summary: After reviewing pyasn1 v0.6.1, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. Details: The integer issue can be found in the decoder as reloid += ((subId << 7) + nextSubId,):...
EUVD-2026-2865
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2...
CVE-2026-23490 pyasn1 has a DoS vulnerability in decoder
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2...
OESA-2026-1134 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
MiracleLinux 7 : tomcat-7.0.76-8.el7 (AXSA:2018-3358:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3358:03 advisory. tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336). Tenable has extracted the preceding description block directly from the MiracleLinux securit...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000632)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000632 advisory. Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. Tenable has extracted the precedin...
openSUSE 16 Security Update : haproxy (openSUSE-SU-2026:20032-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20032-1 advisory. - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents (bsc#1250983). Tenab...
MiracleLinux 7 : libarchive-3.1.2-12.el7 (AXSA:2019-4084:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4084:01 advisory. libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877). libarchive: Use after free in RAR decoder resulting in a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003236)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003236 advisory. The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001917)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001917 advisory. Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. Tenable has extracted the precedin...
SUSE-SU-2026:20092-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents (bsc#1250983)...
OPENSUSE-SU-2026:20032-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents (bsc#1250983)...
SUSE-SU-2026:20109-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents (bsc#1250983)...
SUSE-SU-2026:20094-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with large exponents (bsc#1250983)...
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
Posted by Natalie Silvanovich While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Andro...
postgresql:15 security update
pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new build dependencies to fix build with lz4 enabled - Related: RHEL-47350 1.4.8-1 - Update to version 1.4.8 - Postgresql 15 is supported - Related: 212841...
MiracleLinux 4 : libtiff-3.9.4-1.AXS4.2 (AXSA:2011-126:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-126:02 advisory. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Posted by Natalie Silvanovich Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to...
MiracleLinux 3 : libtiff-3.8.2-7.2 (AXSA:2008-91:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-91:01 advisory. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for...