11089 matches found
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
EUVD-2026-29719
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability...
Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Loop with unreachable exit...
GHSA-9V76-4QCC-FRGH Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Loop with unreachable exit...
Security update for mozjs78
This update for mozjs78 fixes the following issues CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing bsc1259713...
SUSE-SU-2026:21804-1 Security update for go1.26
This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...
CLSA-2026-1778894153 libarchive: Fix of CVE-2025-60753
CVE-2025-60753: denial of service in bsdtar -s substitution when the regular expression matches a zero-length string, causing an infinite loop in applysubstitution...
CLSA-2026-1778893359 libarchive: Fix of CVE-2025-60753
CVE-2025-60753: denial of service in bsdtar -s substitution when the regular expression matches a zero-length string, causing an infinite loop in applysubstitution...
SUSE SLED15 / SLES15 Security Update : mozjs60 (SUSE-SU-2026:1817-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1817-1 advisory. This update for mozjs60 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when...
SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...
CVE-2026-6210
A flaw was found in Qt SVG. A remote attacker could exploit a vulnerability by providing a specially crafted SVG image. This issue arises from incorrect handling of SVG marker references, where the software misinterprets data types, leading to memory access errors and an infinite loop. This can...
Security update for mozjs115
This update for mozjs115 fixes the following issues CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing bsc125971...
SUSE-SU-2026:1861-1 Security update for go1.26
This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...