Astra Linux - уязвимость в curl

Curl versions 7.21.0 through 7.73.0 are vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...

Astra Linux - уязвимость в linux

A issue was discovered in the Linux kernel before version 5.8. The lib/nlattr.c file allows attackers to cause a denial of service unbounded recursion through a nested Netlink policy with a back reference...

Astra Linux - уязвимость в binutils

A vulnerability was discovered in cp-demangle.c within GNU libiberty, as part of the GNU Binutils 2.31 package. This vulnerability stems from infinite recursion in the functions dname, dencoding, and dlocalname in cp-demangle.c. Remote attackers could exploit this vulnerability to cause a...

Astra Linux - уязвимость в liblivemedia

Live555 suffers from 1.08, which mishandles large requests for the same MP3 stream, leading to recursion and excessive buffer overflows based on the stack mechanism. An attacker can exploit this vulnerability to launch a DoS attack...

Astra Linux - уязвимость в edk2

Unlimited recursion in DxeCore in EDK II...

Astra Linux - уязвимость в poppler

A issue with the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause infinite recursion by providing a crafted PDF file. This can lead to a Denial of Service DoS attack...

Astra Linux - уязвимость в vim

Uncontrolled recursion in the GitHub repository vim/vim before version 8.2.4975...

Astra Linux - уязвимость в protobuf

Any project that uses the Protobuf Pure-Python backend to parse untrusted Protocol Buffers data—which may contain an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags—can be corrupted when the Python recursion limit is exceeded. This can lead to a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: A potential infinite loop has been prevented in the bondheaderparse function. The bondheaderparse function may enter an infinite loop if a stack of two bonding devices is set up. This occurs because skb-dev always points...

Astra Linux - уязвимость в qpdf

In QPDF 8.2.1, within libqpdf/QPDFWriter.cc, the functions QPDOrWriter::unparseObject and QPDOrWriter::unparseChild contain recursive calls that last for a long time. This allows remote attackers to cause a denial of service by using a crafted PDF file...

Astra Linux - уязвимость в binutils

A vulnerability was discovered in cp-demangle.c of GNU libiberty, as part of GNU Binutils 2.31. There is a stack consumption vulnerability caused by infinite recursion in the functions nextistypequal and cplusdemangletype in cp-demangle.c. Remote attackers could exploit this vulnerability to caus...

Astra Linux - уязвимость в binutils

A issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after multiple recursive calls...

OESA-2026-2188 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

OESA-2026-2187 uriparser security update

The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...

MiracleLinux 8 : libxml2-2.9.7-21.el8_10.4 (AXSA:2026-525:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-525:01 advisory. libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description bloc...

DEBIAN-CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

[SECURITY] [DLA 4557-1] pyasn1 security update

Debian LTS Advisory DLA-4557-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 01, 2026 https://wiki.debian.org/LTS Package : pyasn1 Version : 0.4.8-1+deb11u2 CVE ID : CVE-2026-30922 Debian Bug : 1131371 It was discovered that pyasn1, a generic ASN.1 library fo...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to this CVE-2026-30922

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic...

Apache Neethi does not properly detect circular references in policy definitions.

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...