CVE-2026-42923

A flaw was found in Unbound's DNSSEC validator where the code path for consulting the negative cache for DS records does not honor the limit on NSEC3 hash calculations introduced in version 1.19.1. An adversary who controls a DNSSEC-signed zone can sign NSEC3 records with high iteration counts fo...

GHSA-87PF-FPWV-P7M7 net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication

Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...

CVE-2024-42245

In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.maxloop if all tasks examined to...

SUSE CVE-2021-47486

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpfjitbinaryfree function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NRJITITERATIONS steps, jitdata-header will be NULL, which triggers a NULL...

DEBIAN-CVE-2021-47486

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpfjitbinaryfree function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NRJITITERATIONS steps, jitdata-header will be NULL, which triggers a NULL...

CVE-2024-26999

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...

CVE-2024-26999 serial/pmac_zilog: Remove flawed mitigation for rx irq flood

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...

CVE-2024-26699

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dcn35clkmgr Why There is a potential memory access violation while iterating through array of dcn35 clks. How Limit iteration per array size...

DEBIAN-CVE-2024-26699

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dcn35clkmgr Why There is a potential memory access violation while iterating through array of dcn35 clks. How Limit iteration per array size...

CLSA-2023-1698690146 nginx: Fix of CVE-2023-44487

CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...

CLSA-2023-1697742241 Fix CVE(s): CVE-2023-44487

SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487...

freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...