11039 matches found

OSV
added 2026/06/01 10:42 a.m., 2 views

SUSE-SU-2026:21881-1 Security update for helm

This update for helm fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265758). - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

7.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 1, References 5

OSV
added 2026/06/01 7:8 a.m., 3 views

SUSE-SU-2026:2194-1 Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265751)...

7.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 3

SUSE Linux
added 2026/06/01 7:8 a.m., 10 views

Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265751). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

7.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 4

SUSE Linux
added 2026/06/01 7:8 a.m., 11 views

Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265751). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

7.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 4

OSV
added 2026/06/01 7:8 a.m., 2 views

SUSE-SU-2026:2192-1 Security update for ignition

This update for ignition fixes the following issue: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265751)...

7.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 3

RedHat Linux
added 2026/06/01 3:0 a.m., 12 views

dotnet: .NET: infinite loop allows an attacker to cause a denial of service

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0, References 5

RedHat Linux
added 2026/06/01 3:0 a.m., 14 views

Important: Red Hat Security Advisory: .NET 10.0 security update

An update for .NET 10.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/06/01 12:0 a.m., 7 views

MiracleLinux 8 : dnsmasq-2.79-36.el8_10 (AXSA:2026-741:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-741:05 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion (CVE-2026-2291); dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)...

8.4 CVSS, 6 AI score, 0.0024 EPSS
Exploits 3, References 6

OSV
added 2026/05/30 6:3 p.m., 15 views

RLSA-2026:21297 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0, References 2

Rockylinux
added 2026/05/30 6:3 p.m., 17 views

.NET 10.0 security update

An update is available for dotnet10.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0

OSV
added 2026/05/30 6:3 p.m., 21 views

RLSA-2026:21296 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0, References 2

Rockylinux
added 2026/05/30 6:3 p.m., 19 views

.NET 9.0 security update

An update is available for dotnet9.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0

Snyk
added 2026/05/29 9:14 p.m., 4 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

8.7 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 0, References 2

Snyk
added 2026/05/29 9:14 p.m., 3 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

8.7 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 0, References 2

Snyk
added 2026/05/29 9:14 p.m., 4 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

8.7 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/05/29 6:43 p.m., 12 views

CVE-2026-7263

A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...

7.5 CVSS, 5.7 AI score, 0.00055 EPSS
Exploits 0, References 4

OSV
added 2026/05/29 4:3 p.m., 10 views

RLSA-2026:19158 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion (CVE-2026-2291); dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)...

8.8 CVSS, 6 AI score, 0.0024 EPSS
Exploits 4, References 7

Rockylinux
added 2026/05/29 4:3 p.m., 13 views

dnsmasq security update

An update is available for dnsmasq. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server)...

8.4 CVSS, 6 AI score, 0.0024 EPSS
Exploits 4

Cvelist
added 2026/05/29 1:54 p.m., 36 views

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3 CVSS, 0.00055 EPSS
Exploits 0, References 5

CVE
added 2026/05/29 1:54 p.m., 15 views

CVE-2026-41150

CVE-2026-41150 affects Mermaid (JavaScript) where rendering a Gantt chart with the excludes attribute to exclude all dates can cause a denial-of-service through an infinite loop. The issue occurs in versions prior to 10.9.6 and 11.15.0; mermaid.parse remains unaffected unless ganttDb.getTasks() i...

5.3 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 0, References 5, Affected Software 1