GHSA-JJ3X-WXRX-4X23 AIOHTTP vulnerable to DoS when bypassing asserts

Summary When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact If optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to...

PT-2026-1353

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service DoS attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...

PT-2026-28179

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.9.2 Description pypdf is a free and open-source pure-python PDF library. A crafted PDF file can cause an infinite loop when read in non-strict mode. This issue requires reading a file in non-strict mode. Applying the...

PT-2026-27663

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s ucan component that can lead to a system hang. Specifically, if a malfunctioning ucan device receives a message with a message length field set to 0,...

PT-2026-4845

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.6.2 Description A flaw exists in the pypdf library that allows attackers to trigger an infinite loop by creating a PDF file with cyclic outline references. This requires accessing the outlines or bookmarks within the...

PT-2026-20446

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s ksmbd module where an infinite loop can occur due to an incorrect reset of the next smb2 rcv hdr off pointer in error paths during SMB2 signature...

PT-2026-25631

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.5 Description The software contains a flaw where parsing DTD content can lead to an infinite loop. Recommendations Update libexpat to version 2.7.5 or later...

PT-2026-27134

Name of the Vulnerable Software and Affected Versions github.com/antchfx/xpath affected versions not specified Description A flaw exists in the github.com/antchfx/xpath component that allows a remote attacker to cause a Denial of Service DoS condition. This is achieved by submitting crafted Boole...

PT-2026-25310

Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw exists in the RAR5 archive decompression logic within the archive read data processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the...

SUSE CVE-2022-50871

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

EUVD-2022-55827

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

Security Bulletin: Multiple Vulnerabilities in IBM Operator for Apache Flink

Summary Multiple vulnerabilities were addressed in IBM Operator for Apache Flink version 1.4.5 Vulnerability Details CVEID:CVE-2021-39194 DESCRIPTION: kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide...

CVE-2022-50871

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

CVE-2022-50871

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

UBUNTU-CVE-2022-50871

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

CVE-2022-50871

The CVE-2022-50871 entry concerns the Linux kernel component wifi: ath11k, specifically the qmi_msg_handler data structure initialization. The issue could allow an infinite loop while searching for a handler when a msg-id handler is missing from the handlers array, leading to out-of-bounds access...

CVE-2022-50871 wifi: ath11k: Fix qmi_msg_handler data structure initialization

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

can: kvaser_usb: leaf: Fix potential infinite loop in command parsers

...

SUSE CVE-2025-68308

In the Linux kernel, the following vulnerability has been resolved: can: kvaserusb: leaf: Fix potential infinite loop in command parsers The kvaserusbleafwaitcmd and kvaserusbleafreadbulkcallback functions contain logic to zero-length commands. These commands are used to align data to the USB...

Security update for wireshark

This update for wireshark fixes the following issues: CVE-2025-13499: Fixed Kafka dissector crash due to malformed packet bsc1254108. CVE-2025-13946: Fixed MEGACO dissector infinite loop that allows denial of service bsc1254472. Patch Instructions: To install this SUSE update use the SUSE...