Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1804)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1804 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2026-3350 (ALAS-2026-3350)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.4515.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3350 advisory. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it...

ROS-20260608-73-0025

The vulnerability of the Microsoft .NET software platform, Microsoft .NET Framework, and the source code editor Visual Studio is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Important: dotnet10.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...

PT-2026-47324

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description The mod proxy ftp module contains a loop with an unreachable exit condition, leading to an infinite loop when interacting with an attacker-controlled backend FTP server...

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1802)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1802 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1803)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1803 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Important: amazon-ssm-agent

Issue Overview: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. CVE-2026-33814 Affected Packages: amazon-ssm-agent Issue Correction: Run dnf update amazon-ssm-agent --releasever...

Important: amazon-ssm-agent

Issue Overview: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0. CVE-2026-33814 Affected Packages: amazon-ssm-agent Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Medium: ImageMagick

Issue Overview: When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm CVE-2026-42326 Due to a missing check in the PSD decoder it would be possible to...

ROS-20260608-73-0016

The vulnerability of the Microsoft .NET software platform, Microsoft .NET Framework, and the source code editor Visual Studio is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

ROS-20260608-73-0004

The vulnerability of the .NET software platform lies in the execution of a loop with an exit condition that is not met. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

EulerOS Virtualization 2.10.1 : libarchive (EulerOS-SA-2026-2023)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...

EulerOS Virtualization 2.12.1 : libarchive (EulerOS-SA-2026-2078)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata...

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-8318

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

JLSEC-2026-571

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

SUSE-SU-2026:2280-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...