199 matches found
SUSE-SU-2026:20716-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2025-14876: Fixed unbounded allocation in virtio-crypto. bsc1255400 - CVE-2026-0665: Fixed PIRQ bounds check in xenphysdevmappirq. bsc1256484...
SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2026:0832-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0832-1 advisory. Security issue: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. Non security issues: -...
TencentOS Server 4: qemu (TSSA-2026:0110)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0110 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security update for qemu
This update for qemu fixes the following issues: Security issue: CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. Non security issues: hw/virtio: Also include md stubs in case CONFIGVIRTIOPCI is not set jscPED-14271. s390x/pv: prepare for memory devices jscPED-14271...
openSUSE 15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2026:0662-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0662-1 advisory. - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of...
openSUSE Security Advisory (SUSE-SU-2026:0662-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GO-2026-4534 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3
Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3...
CVE-2026-27710 NanaZip .NET Single-File Parser Integer Underflow Leads to Unbounded Allocation (DoS)
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a denial-of-service vulnerability exists in NanaZip’s .NET Single File Application parser. A crafted bundle can force an integer underflow in header-size calculation and trigger...
CVE-2026-25899
Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...
CVE-2025-14876
CVE-2025-14876 affects the virtio-crypto device in QEMU. The AKCIPHER path has a missing length limit, causing unbounded memory allocation and potential host DoS (QEMU process termination) via a malicious guest. Affected products include qemu/kvm; advisories from SUSE openSUSE and other vendors r...
CVE-2025-54155
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
CVE-2025-54155
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
AlmaLinux 10 : osbuild-composer (ALSA-2026:1837)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1837 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...
RHEL 10 : osbuild-composer (RHSA-2026:1837)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1837 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...
RHEL 10 : image-builder (RHSA-2026:1838)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1838 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: golang:...
CVE-2025-58340
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/senddelts write operation, leading to kernel...
CVE-2025-58342
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memor...
CVE-2025-58343
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/createtspec write operation, leading to kernel...
CVE-2025-58344
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/connlogeventbursttous write operation, leading to kernel memory...