EulerOS Virtualization 2.10.0 : protobuf (EulerOS-SA-2026-1191)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

SUSE SLES12 Security Update : libxml2 (SUSE-SU-2026:0336-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0336-1 advisory. - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

UBUNTU-CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36001

CVE-2025-36001 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) - versions 11.5.0–11.5.9 and 12.1.0–12.1.3. The issue allows an authenticated user to cause a denial of service by sending a specially crafted SQL statement that includes XML and triggers uncontrolled recurs...

CVE-2025-36001 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

MGASA-2026-0027 Updated libxml2 packages fix security vulnerabilities

xmlcatalog xmlParseSGMLCatalog recursion. CVE-2025-8732 Unbounded relaxng include recursion leading to stack overflow. CVE-2026-0989 Denial of service via uncontrolled recursion in xml catalog processing. CVE-2026-0990 Denial of service via crafted xml catalogs. CVE-2026-0992...

Updated libxml2 packages fix security vulnerabilities

xmlcatalog xmlParseSGMLCatalog recursion. CVE-2025-8732 Unbounded relaxng include recursion leading to stack overflow. CVE-2026-0989 Denial of service via uncontrolled recursion in xml catalog processing. CVE-2026-0990 Denial of service via crafted xml catalogs. CVE-2026-0992...

PT-2026-5445

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description An authenticated user can trigger a denia...

SUSE-SU-2026:0336-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives bsc1256805...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving include directives bsc1256805. Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving include directives bsc1256805 Patch Instructions: To install this SUSE update use the SUSE recommended...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

Prototype Pollution

Overview jsonpath is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the value function. An attacker can modify the prototype of built-in objects by supplying crafted input...

CLSA-2026-1769610819 kernel: Fix of 39 CVEs

Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...

Denial Of Service (DoS)

orjson is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to missing recursion depth limits in orjson.dumps, where deeply nested JSON inputs can cause excessive recursion, leading to stack exhaustion and process crashes...

CVE-2026-24401

A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS multicast Domain Name System response containing a recursive CNAME Canonical Name record. This triggers an...

Denial Of Service (DoS)

Protobuf is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...