GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

CLSA-2026-1776440644 expat: Fix of 4 CVEs

CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent On^2 parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs entity...

EUVD-2026-24136

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

PSF-2026-20

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

PSF-0000-CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

CVE-2026-3298

CVE-2026-3298 describes an out-of-bounds write in Windows-only asyncio.ProacterEventLoop.sock_recvfrom_into() when using the nbytes parameter. The root cause is a missing boundary check for the destination data buffer, enabling a write past the buffer size if incoming data exceeds it. Non-Windows...

EUVD-2026-23996

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...

JLSEC-2026-169

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancelextop Cancel operation, resulting in denial of service...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013090)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013090 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fix segfault in tcmlooptpgaddressshow If the allocation of tlhba-sh fails ...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011338)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011338 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013051)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013051 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfsmdtgetblock If the disk image that nilfs2 mounts is corrupted a...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010936)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010936 advisory. In the Linux kernel, the following vulnerability has been resolved: loop: loopsetstatusfrominfo check before assignment In loopsetstatusfrominfo, lo-looffset and...

OpenBSD 安全漏洞

OpenBSD is a cross-platform, BSD-based UNIX-like operating system developed by the OpenBSD organization in Canada. Versions of OpenBSD 7.8 and earlier contained a security vulnerability caused by the slaacd and rad daemon entering an infinite loop when receiving a specially crafted ICMPv6 neighbo...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013346)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013346 advisory. In the Linux kernel, the following vulnerability has been resolved: loop: loopsetstatusfrominfo check before assignment In loopsetstatusfrominfo, lo-looffset and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011114 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: ubiwlputpeb: Fix infinite loop when wear-leveling work failed Following process will trigger...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011374)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011374 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcpbpfrecvmsgparser When the buffer...

Revisiting and Expanding the IPv6 Network Periphery: Global-Scale Measurement and Security Analysis

As IPv6 deployment accelerates, understanding the evolving security posture of network peripheries becomes increasingly important. A DSN 2021 study introduced the first large-scale discovery of IPv6 network peripheries, uncovering risks like service exposure and routing loops. However, its scope...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013087)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013087 advisory. In the Linux kernel, the following vulnerability has been resolved: can: kvaserusb: leaf: Fix potential infinite loop in command parsers The kvaserusbleafwaitcmd and...