RHEL 9 : libarchive (RHSA-2026:7106)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7106 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

Linux Distros Unpatched Vulnerability : CVE-2026-35406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006681)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006681 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: ubiwlputpeb: Fix infinite loop when wear-leveling work failed Following process will trigger...

SUSE CVE-2026-27456

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

CVE-2026-39934

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

UBUNTU-CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-39934 Growth Experiments ReassignMenteesJob runs as an infinite loop

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

CVE-2026-39934 Growth Experiments ReassignMenteesJob runs as an infinite loop

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

CVE-2026-39934

The CVE-2026-39934 entry describes an infinite loop (unreachable exit condition) vulnerability in the Wikimedia Foundation’s MediaWiki GrowthExperiments Extension. Affected versions are 1.45.2, 1.44.4, and 1.43.7. The issue is described as a Time-of-Check and Time-of-Use (TOCTOU) race condition c...

CVE-2026-35406 Aardvark-dns has incorrect error handling for malformed tcp packets

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-35406

Affected software: aardvark-dns (authoritative DNS server for A/AAAA container records). Vulnerable versions: 1.16.0 through 1.17.0. Root cause: a truncated TCP DNS query followed by a connection reset can cause the process to enter an unrecoverable infinite error loop, consuming 100% CPU. Impact...

CVE-2026-35406 Aardvark-dns has incorrect error handling for malformed tcp packets

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

netavark has incorrect error handling for malformed tcp packets

Impact A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds None Credits Thanks to @dkane01 for reporti...

CVE-2026-39376 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

SUSE-SU-2026:21062-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

GHSA-GM9M-GWC4-HWGP Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

Summary @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or visited-URL loop detection. An attacker who controls a remote ActivityPub key or actor URL can force a server using Fedify to mak...