Security Bulletin: IBM i is Affected by an Improper Validation Vulnerability in zlib [CVE-2026-27171]

Summary Zlib for IBM i is vulnerable to increased CPU consumption when using functions crc32combine64 and crc32combine64gen64 CVE-2026-27171 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via...

Linux Distros Unpatched Vulnerability : CVE-2026-46522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check ...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go; this vulnerability stems from the possibility of consuming excessive CPU resources when parsing...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50280)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50280 advisory. - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391447 CVE-2026-46333 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff...

RockyLinux 10 : osbuild-composer (RLSA-2026:3752)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3752 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: archive/zip: Excessive CPU...

PT-2026-42708

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description RSA and DSA public key parsers fail to enforce size limits on key parameters. An unauthenticated client can trigger excessive CPU consumption during signature...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU for Rational Software Architect Designer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

keycloak: Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

keycloak: Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-44390

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to...

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-9064 389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-9064

The CVE-2026-9064 issue affects the 389-ds-base LDAP server. The get_ldapmessage_controls_ext() function does not bound the number of LDAP message controls, allowing a remote, unauthenticated attacker to send requests with hundreds of thousands of minimal controls within the default BER size (2 M...

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: firmware: armsdei: Fix sleep from invalid context BUG Running a preempt-rt v6.2-rc3-rt1 based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic: 0,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: srcu: Delegating tasks to the booting CPU when using SRCUSIZESMALL. The commit 994f706872e6 “srcu: Making the Tree SRCU capable of operating without the snpnode array” assumes that CPU 0 is always online. However, there are...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RCU: Fixed the lockdep warning in thiscpuread in rcuforcequiescentstate. Running rcutorture with a non-zero fqsduration module parameter in a kernel built with CONFIGPREEMPTION=y results in the following error: BUG: Using...