PT-2026-35932

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.3 Description CoreDNS transport implementations for gRPC, QUIC, DoH, and DoH3 incorrectly handle TSIG Transaction Signature authentication, which is a mechanism used to authenticate DNS messages. In gRPC and QUIC...

PT-2026-37095

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.14.3 Description CoreDNS is a DNS server that chains plugins. A denial-of-service issue exists in the DNS-over-HTTPS DoH GET path because it lacks early size validation for requests. A remote, unauthenticated attack...

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

CVE-2026-3868

CVE-2026-3868 (Moxa Secure Router) involves improper handling of length parameters in the HTTPS management interface. An unauthenticated remote attacker can send crafted requests to trigger a buffer overflow, causing the web service to become unresponsive and potentially requiring a device reboot...

OESA-2026-2028 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

OESA-2026-2027 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

OESA-2026-2026 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

SUSE SLED15 / SLES15 Security Update : dnsdist (SUSE-SU-2026:1618-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1618-1 advisory. Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: -...

SUSE-SU-2026:1618-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236. -...

CLSA-2026-1777035524 libsoup: Fix of CVE-2026-5119

CVE-2026-5119: do not send cookies to a HTTP proxy for a HTTPS request...

SUSE CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...

SUSE CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

EUVD-2026-24927

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...

EUVD-2026-24931

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...

CVE-2026-33611

CVE-2026-33611 affects the Authoritative server when using the LMDB backend. An operator with REST API access can cause the server to produce invalid HTTPS or SVCB record data, which can lead to LMDB database corruption. The underlying issue is insufficient validation of HTTPS/SVCB records via RE...