EUVD-2026-23996

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...

JLSEC-2026-169

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancelextop Cancel operation, resulting in denial of service...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013051)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013051 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfsmdtgetblock If the disk image that nilfs2 mounts is corrupted a...

OpenBSD 安全漏洞

OpenBSD is a cross-platform, BSD-based UNIX-like operating system developed by the OpenBSD organization in Canada. Versions of OpenBSD 7.8 and earlier contained a security vulnerability caused by the slaacd and rad daemon entering an infinite loop when receiving a specially crafted ICMPv6 neighbo...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011114 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: ubiwlputpeb: Fix infinite loop when wear-leveling work failed Following process will trigger...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013087)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013087 advisory. In the Linux kernel, the following vulnerability has been resolved: can: kvaserusb: leaf: Fix potential infinite loop in command parsers The kvaserusbleafwaitcmd and...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011374)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011374 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcpbpfrecvmsgparser When the buffer...

Security update for clamav (moderate)

openSUSE security update: security update for clamav ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20479-1 Rating: moderate References: bsc1221954 bsc1258072 bsc1259207 Cross-References: CVE-2026-20031 CVSS scores: CVE-2026-20031 SUSE : 5.3...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011088)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011088 advisory. In the Linux kernel, the following vulnerability has been resolved: can: kvaserusb: leaf: Fix potential infinite loop in command parsers The kvaserusbleafwaitcmd and...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010859 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfsmdtgetblock If the disk image that nilfs2 mounts is corrupted a...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache PDFBox

Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue...

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

CVE-2026-41285

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...

CVE-2026-41285

CVE-2026-41285 affects OpenBSD up to version 7.8, specifically the slaacd and rad daemons. The issue is a missing validation for ICMPv6 Neighbor Discovery ND options: when a crafted ND option with length zero is received, an expression nd_opt_len * 8 - 2 can execute without a preceding check, cau...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

Security Bulletin: Multiple vulnerabilities in Python affect AIX

Summary Vulnerabilities in Python could allow a null pointer dereference CVE-2026-32776, CVE-2026-32778, an infinite loop CVE-2026-32777, or impact availability CVE-2025-12084. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-32776...

Multiple vulnerabilities in Python affect AIX

IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:19:52 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory19.asc Security Bulletin: Multiple vulnerabilities in Python affect AIX...

Security update for expat

This update for expat fixes the following issues: CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. CVE-2026-32778: NUL...

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem

Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...