CVE-2026-4426

A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

RHEL 9 : libarchive (RHSA-2026:5080)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5080 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

ALSA-2026:5063 Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

GHSA-XV6H-R36F-3GP5 Keycloak: Denial of Service due to excessive SAMLRequest decompression

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service DoS by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryErro...

Keycloak: Denial of Service due to excessive SAMLRequest decompression

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service DoS by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryErro...

CVE-2026-2575

Keycloak vulnerability CVE-2026-2575 allows an unauthenticated attacker to trigger an application‑level DoS by sending a highly compressed SAMLRequest via the Redirect Binding. The server does not enforce size limits during DEFLATE decompression, causing an OutOfMemoryError and possible process t...

RUSTSEC-2026-0041 Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...

Decompressing invalid data can leak information from uninitialized memory or reused output buffer

Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...

Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

...

Huawei EulerOS: Security Advisory for brotli (EulerOS-SA-2026-1599)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.1 : brotli (EulerOS-SA-2026-1419)

According to the versions of the brotli package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression...

EulerOS Virtualization 2.12.0 : brotli (EulerOS-SA-2026-1476)

According to the versions of the brotli package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression...

lz4_flex's decompression can leak information from uninitialized memory or reused output buffer

Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...

SUSE CVE-2026-31897

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...

EulerOS 2.0 SP11 : brotli (EulerOS-SA-2026-1599)

According to the versions of the brotli package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The...

EulerOS Virtualization 2.10.1 : python-urllib3 (EulerOS-SA-2026-1545)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2026-1348)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

EulerOS 2.0 SP11 : python-urllib3 (EulerOS-SA-2026-1591)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...