
20501 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-37548

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists where the set_rps_cpu() function incorrectly assumes that the Receive Packet Steering (RPS) table for each receive queue is of a constant size and does not change. By passing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00481
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/06 12:0 a.m. | 8 views

PT-2026-37598

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: Alpha systems may experience sporadic user-space crashes and heap corruption when memory compaction is enabled. This issue is caused by insufficient TLB (Translation Lookaside Buffer)...

CVSS 7.8 | AI score 5.5 | EPSS 0.00138
Exploits: 0 | References: 15
Positive Technologies
added 2026/05/06 12:0 a.m. | 8 views

PT-2026-37614

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An out-of-bounds access issue exists in the mchp_ipc_get_cluster_aggr_irq() function. The cluster_cfg array, which is dynamically allocated for per-CPU configuration structures based on th...

CVSS 8.4 | AI score 7.4 | EPSS 0.00131
Exploits: 0 | References: 11
NVD
added 2026/05/05 8:16 p.m. | 7 views

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVSS 8.7 | EPSS 0.00672
Exploits: 1 | References: 2
OSV
added 2026/05/05 8:9 p.m. | 3 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary: pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact: A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

CVSS 7.5 | AI score 5.8 | EPSS 0.00478
Exploits: 0 | References: 4
Cvelist
added 2026/05/05 7:7 p.m. | 42 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVSS 8.7 | EPSS 0.00672
Exploits: 1 | References: 2
EUVD
added 2026/05/05 7:7 p.m. | 7 views

EUVD-2026-27442

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVSS 8.7 | AI score 5.7 | EPSS 0.00672
Exploits: 1 | References: 2
CVE
added 2026/05/05 7:7 p.m. | 24 views

CVE-2026-32936

CVE-2026-32936 – CoreDNS DoH GET path size validation issue. In CoreDNS (prior to 1.14.3), the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameters and performs parsing, base64 decoding, and DNS message unpacking before rejection. Unlike the POST path, there is no equivalent siz...

CVSS 8.7 | AI score 5.7 | EPSS 0.00672
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/05/05 3:17 p.m. | 15 views

CVE-2026-43060

The CVE-2026-43060 issue affects the Linux kernel netfilter component (nft_ct). When the nft_ct module is removed, packets enqueued in nfqueue may retain stale references to conntrack zone templates or timeout policies, risking instability or DoS. The root cause is references that can outlive the...

CVSS 7.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 8 | Affected Software: 1
RedHat Linux
added 2026/05/04 11:37 p.m. | 8 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

CVSS 8.7 | AI score 7.3 | EPSS 0.0065
Exploits: 0 | References: 5
Snyk
added 2026/05/04 10:22 p.m. | 6 views

Inefficient Algorithmic Complexity

Overview: Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation rule. An attacker can exhaust server resources and cause service disruption by submitting specially crafted GraphQL queries containing numerous neste...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 2
Snyk
added 2026/05/04 10:2 p.m. | 17 views

Inefficient Algorithmic Complexity

Overview: Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the ResponseReader class. An attacker can exhaust the client's CPU by sending specially crafted IMAP responses containing many string literals, leading to significant performance degradation in...

CVSS 7.5 | AI score 5.8 | EPSS 0.0041
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/04 12:0 a.m. | 10 views

RHCOS 9 : OpenShift Container Platform 4.14.41 (RHSA-2024:9623)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9623 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request (CVE-2024-49768) -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01375
Exploits: 0 | References: 6
Tenable Nessus
added 2026/05/04 12:0 a.m. | 11 views

RHCOS 9 : OpenShift Container Platform 4.17.5 (RHSA-2024:9613)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9613 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request (CVE-2024-49768) -...

CVSS 9.1 | AI score 5.8 | EPSS 0.01375
Exploits: 0 | References: 6
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove the cpuhp instance node before removing the cpuhp state. The functions cpuhp_state_add_instance() and cpuhp_state_remove_instance() should be used in pairs. Otherwise, a warning will be issued during the...

CVSS 5.5 | AI score 5.2 | EPSS 0.00145
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux – Vulnerability in Qemu

An infinite loop flaw was discovered in the e1000 NIC emulator of QEMU. This issue occurs when processing transmit (tx) descriptors in process_tx_desc(), especially if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in...

CVSS 6.5 | AI score 6.3 | EPSS 0.00358
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in linux

A remote denial-of-service vulnerability was discovered in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() encounters an unknown state while attempting to parse SKBs that are not present in the queue. Sending two small UDP packets to a system with a UDP interface causes the...

CVSS 7.5 | AI score 6.7 | EPSS 0.05095
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters(). On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

CVSS 5.5 | AI score 6.1 | EPSS 0.00157
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed list corruption in perf_cgroup_switch(). There is list corruption in cgrp_cpuctx_list. This occurs at the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in...

CVSS 5.5 | AI score 6.3 | EPSS 0.0024
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f "mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context" moved all flush_cpu_slab() invocations to the global workqueue to...

CVSS 7.8 | AI score 6.3 | EPSS 0.00242
Exploits: 0 | References: 2