11 matches found
GO-2026-5475 containerd image-triggered runtime DoS via unbounded group parsing in github.com/containerd/containerd
containerd image-triggered runtime DoS via unbounded group parsing in github.com/containerd/containerd...
USN-8471-1 containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...
USN-8473-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. (CVE-2026-33814) Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013196)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013196 advisory. In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups of_find_node_by_phandle returns a...
OSV-2026-565 Heap-buffer-overflow in xmlFAParsePosCharGroup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=501547873 Crash type: Heap-buffer-overflow READ 1 Crash state: xmlFAParsePosCharGroup xmlFAParseCharGroup xmlFAParseCharGroup...
NewStart CGSL MAIN 6.06 : sudo Vulnerability (NS-SA-2025-0224)
The remote NewStart CGSL host, running version MAIN 6.06, has sudo packages installed that are affected by a vulnerability: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorizatio...
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
...
GHSA-RXF6-323F-44FC Duplicate Advisory: rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2gh3-rmm4-6rq5. This link is maintained to preserve external references. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group...
UBUNTU-CVE-2025-53605
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input...
Important: libcap
Issue Overview: The PAM module pam_cap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...
libxml2: Heap-buffer-overflow in xmlFAParsePosCharGroup
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...