41 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-016794)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016794 advisory. An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s substitution rules. Th...
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
GHSA-WHJ4-6X5X-4V2J FITS GZIP decompression bomb in Pillow
Impact Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service OOM crash or severe performance degradation...
CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
EulerOS Virtualization 2.12.1 : libvirt (EulerOS-SA-2026-1470)
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...
PT-2026-25969
Name of the Vulnerable Software and Affected Versions Next.js versions 16.0.1 through 16.1.6 Description Next.js, a React framework for building full-stack web applications, is affected by an issue where requests containing the next-resume: 1 header can lead to excessive memory usage and potentia...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...
EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2026-1340)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s...
CVE-2026-29612
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service...
nats-server websockets are vulnerable to pre-auth memory DoS
...
Advisory ROSA-SA-2026-3202
Software: tcpdump 4.9.3 OS: ROSA Virtualization 2.1 unaffected versions = tcpdump-4.9.3-5.rv3 affected versions tcpdump-4.9.3-5.rv3 CVE-ID: CVE-2021-41043 BDU-ID: 2025-16161 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the extractslice function of the network traffic analysis software tcpdump i...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003326)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003326 advisory. The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by leveraging incorrect tracking of...
K000159078: Podman vulnerability CVE-2024-3056
Security Advisory Description A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will...
BIT-ACTIVEMQ-2025-27533 Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...
CVE-2025-61910 NASA ION-DTN BPv7 4.1.3s Uncontrolled Memory Allocation that leads to Denial-of-Service
The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service DoS. The...
EUVD-2025-25694
Malicious code in bioql PyPI...
Security Bulletin: Astronomer with IBM is vulnerable to memory consumption and denial of service due to the net/http package (CVE-2021-44716, CVE-2022-27664)
Summary net/http is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...
USN-7529-1 tika vulnerabilities
It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-1950, CVE-2020-1951 It was discovered that Apache Tika...
OESA-2024-2002 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumera...