Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP9, v8.5.8 BP2 vulnerabilities CVE-2025-54874 (vulnerable), CVE-2025-59375 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP9, v8.5.8 BP2 January, 2025 vulnerabilities CVE-2025-54874 vulnerable, CVE-2025-59375 vulnerable in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing Vulnerability Details CVEID:CVE-2025-54874 DESCRIPTION: OpenJPEG is an...

Astra Linux - уязвимость в libraw

LibRaw before 0.20-RC1 lacks a check for the thumbnail size range. This affects decoders/unpackthumb.cpp, postprocessing/memimage.cpp, and utils/thumbutils.cpp. For example, mallocsizeoflibrawprocessedimaget+T.tlength is used without validating T.tlength...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809

Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33809 DESCRIPTION: A maliciously craft...

CVE-2026-6533 Improperly Controlled Sequential Memory Allocation in Wireshark

Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

Amazon Linux 2023 : mesa-dri-drivers, mesa-filesystem, mesa-libd3d (ALAS2023-2026-1623)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1623 advisory. In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...

RHEL 10 : wireshark (RHSA-2026:9666)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9666 advisory. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security...

OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

...

CVE-2026-35480

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-47907 DESCRIPTION: Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.63 packages and security update

Red Hat OpenShift Container Platform release 4.14.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVE-2026-26940

The CVE concerns Kibana’s Timelion visualization plugin, where improper validation of a specified quantity (input) by an authenticated user can cause a Denial of Service through excessive allocation. The underlying issue is validated quantity handling leading to overwriting internal series data p...

PT-2026-26314

Name of the Vulnerable Software and Affected Versions Metricbeat affected versions not specified Description A memory allocation issue exists within the Prometheus remote write HTTP handler in Metricbeat. This issue, categorized as excessive allocation CAPEC-130, can lead to a denial of service...

EulerOS 2.0 SP13 : glib-networking (EulerOS-SA-2026-1237)

According to the versions of the glib-networking package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : glib-networking's OpenSSL backend fails to properly check the return value of a call to BIOwrite, resulting in an out of bounds...

USN-8056-1: U-Boot vulnerabilities

Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...

USN-8005-1 glibc vulnerabilities

Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDEREUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. CVE-2025-15281 Anastasia Belova discovered that the GNU C Library incorrectly...

EUVD-2025-206554

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources...

CVE-2025-36123

CVE-2025-36123 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.3. The vulnerability stems from improper allocation of system resources, enabling a local user to cause a denial of service when copying large tables that contain XML data. Impa...

MiracleLinux 9 : postgresql:16 (AXSA:2026-063:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-063:01 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer...

MiracleLinux 8 : libwebp-1.0.0-5.el8 (AXSA:2021-2754:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2754:03 advisory. libwebp: out-of-bounds read in WebPMuxCreateInternal CVE-2018-25009 libwebp: out-of-bounds read in ApplyFilter CVE-2018-25010 libwebp: out-of-bounds...

AlmaLinux 9 : postgresql:15 (ALSA-2026:0492)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0492 advisory. postgresql: CREATE STATISTICS does not check for schema CREATE privilege CVE-2025-12817 postgresql: libpq undersizes allocations, via integer wraparound...