1134 matches found
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...
RHEL 8 : libxml2 (RHSA-2026:14832)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:14832 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...
RHEL 8 : libxml2 (RHSA-2026:14858)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:14858 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...
Denial Of Service
Marked is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific input sequences during parsing, where a crafted sequence \x09\x0b\n triggers infinite recursion, leading to unbounded memory allocation and application crash due to out-of-memory conditions...
Important: Red Hat Security Advisory: .NET 8.0 security update
An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service (DoS), making the affected system unresponsive...
Astra Linux - vulnerability in binutils
A vulnerability was discovered in cp-demangle.c within GNU libiberty, as part of the GNU Binutils 2.31 package. This vulnerability stems from infinite recursion in the functions d_name, d_encoding, and d_local_name in cp-demangle.c. Remote attackers could exploit this vulnerability to cause a...
Astra Linux - vulnerability in poppler
An issue with the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause infinite recursion by providing a crafted PDF file. This can lead to a Denial of Service (DoS) attack...
MiracleLinux 8 : libxml2-2.9.7-21.el8_10.4 (AXSA:2026-525:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-525:01 advisory. libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714). Tenable has extracted the preceding description bloc...
DEBIAN-CVE-2026-42481
Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...
Apache Neethi does not properly detect circular references in policy definitions.
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references, where Policy A references Policy B, which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...
CVE-2026-42481
Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...
CVE-2026-42481
The CVE-2026-42481 entry concerns Open CASCADE Technology (OCCT) in the V8_0_0_rc5 release. The affected components are the IGES and STEP file parsers. Documented issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, another out-of-bounds read ...
PT-2026-36310
Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2. Description: Apache Neethi fails to properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references, for example, Policy A references Policy B, which ...
PT-2026-36494
Name of the Vulnerable Software and Affected Versions: Open CASCADE Technology (OCCT) version V8_0_0_rc5. Description: Multiple issues exist in the IGES and STEP file parsers that can be triggered by crafted files. These include an out-of-bounds read reading data outside the intended boundary of a...
GHSA-6V9C-7CG6-27Q7: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
Summary: A critical Denial of Service (DoS) vulnerability exists in [email protected]. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...