Lucene search
25 matches found

NVD
added 2026/06/18 6:16 p.m. | 9 views

CVE-2026-48986

pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...

4.7 CVSS | 0.00104 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 10 views

PT-2026-50135

Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified). Description: An issue exists in the token public-only scope enforcement where a public-only scoped API token can access private organization data. This occurs due to two flaws: the endpoint '/user/orgs' is...

4.3 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/05/26 12:0 a.m. | 35 views

CVE-2026-48684

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In processnetflowv9optionstemplate src/netflowplugin/netflowv9collector.cpp, the scope parsing loop lines 224-229 iterates until scopesoffset reaches the attacker-controlled...

0.00264 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/07 2:59 a.m. | 13 views

hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

5.8 AI score
Exploits: 0 | References: 4 | Affected Software: 2
CNNVD
added 2026/03/27 12:0 a.m. | 6 views

Digital Bazaar Forge Security Vulnerability

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar. It is also an open-source tool used for developing encrypted and network-intensive web applications. Versions of Forge prior to 1.4.0 contained a security vulnerability caused by an infini...

7.5 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/26 5:17 p.m. | 7 views

CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

7.5 CVSS | 5.9 AI score | 0.00178 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/17 5:35 p.m. | 4 views

CLSA-2026-1773768935 Fix CVE(s): CVE-2026-25968, CVE-2026-25986, CVE-2026-25987

SECURITY UPDATE: stack buffer overflow in MSL opacity attribute parser - debian/patches/CVE-2026-25968.patch: replace fixed-size stack buffer with heap-allocated string and add length check - CVE-2026-25968 SECURITY UPDATE: heap buffer overflow write in YUV 4:2:2 image processing -...

9.8 CVSS | 7.3 AI score | 0.00461 EPSS
Exploits: 0 | References: 1
Snyk
added 2026/03/13 6:44 p.m. | 1 views

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) through the encoding loop that fails to reset the temporary size variable between iterations in the ISO-2022-JP encoder. An attacker can corrupt stack and heap memory by providing crafted DOM tree...

8.2 CVSS | 5.8 AI score | 0.00269 EPSS
Exploits: 0 | References: 2
OSV
added 2026/02/24 3:16 a.m. | 3 views

UBUNTU-CVE-2026-26283

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a continue statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger ...

7.5 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/02/09 12:0 a.m. | 18 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50100)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50100 advisory. - crypto: afalg - Fix incorrect boolean values in afalgctx Eric Biggers Orabug: 38879907 CVE-2025-40022 - crypto: afalg - Disallow concurrent writ...

3.3 CVSS | 7.5 AI score | 0.00544 EPSS
Exploits: 2 | References: 31
Tenable Nessus
added 2025/08/22 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-5686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdfparsearray function pdf/pdf-parse.c because EOF is not considered. Remot...

5.5 CVSS | 6.4 AI score | 0.01472 EPSS
Exploits: 1 | References: 2
OSV
added 2025/02/12 6:58 p.m. | 2 views

CLSA-2025-1739386692 libvirt: Fix of 2 CVEs

CVE-2024-2496: fix memory corruption listing interfaces - CVE-2024-4418: fix stack use-after-free in event loop...

6.2 CVSS | 6.7 AI score | 0.00486 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/19 5:19 p.m. | 1 views

CVE-2024-53055 wifi: iwlwifi: mvm: fix 6 GHz scan construction

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8,...

7.6 AI score | 0.00259 EPSS
Exploits: 0 | References: 5
NVD
added 2024/11/18 10:15 a.m. | 17 views

CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters...

7.5 CVSS | 0.00213 EPSS
Exploits: 0 | References: 1
OSV
added 2024/11/18 10:15 a.m. | 8 views

CVE-2024-42392

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters...

7.5 CVSS | 6.8 AI score | 0.00213 EPSS
Exploits: 0 | References: 1
CVE
added 2024/11/18 9:7 a.m. | 61 views

CVE-2024-42392

CVE-2024-42392 affects Cesanta Mongoose Web Server library (v7.14 and possibly earlier) with an Improper Neutralization of Delimiters flaw that can trigger an infinite loop when input strings contain unexpected characters. The NVD/NVD-derived note and Red Hat and CVE records describe this vulnera...

7.5 CVSS | 4.7 AI score | 0.00213 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/11/18 9:7 a.m. | 14 views

CVE-2024-42392 Improper Neutralization of Delimiters in Mongoose Web Server library

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters...

4 CVSS | 0.00213 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/18 9:7 a.m. | 9 views

CVE-2024-42392 Improper Neutralization of Delimiters in Mongoose Web Server library

Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters...

4 CVSS | 7 AI score | 0.00213 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/08/15 5:34 a.m. | 4 views

kernel: cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

6.7 CVSS | 6.6 AI score | 0.00407 EPSS
Exploits: 0 | References: 5
Slackware Linux
added 2023/08/04 8:53 p.m. | 51 views

[slackware-security] samba

New samba packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/samba-4.18.5-i586-1slack15.0.txz: Upgraded. PLEASE NOTE: We are taking the unusual step of moving to the latest Samba branch because...

7.5 CVSS | 7 AI score | 0.62606 EPSS
Exploits: 0