UltraJSON 安全漏洞

UltraJSON is an open-source, ultra-fast JSON encoder and decoder written in pure C language, and compatible with Python 3.7+. Versions of UltraJSON 5.11.0 and earlier contained security vulnerabilities; these vulnerabilities stemmed from buffer overflows or infinite loops during processing of lar...

AlmaLinux 10 : libarchive (ALSA-2026:5063)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5063 advisory. libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archivereaddata in libarchive CVE-2026-4111 Tenable has extracted the preceding description...

ewe 安全漏洞

ewe is a lightweight web server build package developed by Vladislav Shakitskiy. Versions of ewe 3.0.4 and earlier contained security vulnerabilities; these vulnerabilities stemmed from an infinite loop in the handletrailers function, which could lead to a denial-of-service attack...

CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent...

Linux Distros Unpatched Vulnerability : CVE-2026-32875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or...

Denial of service via non-terminating SYLT frame parsing loop in tinytag

Summary tinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsin...

OPENSUSE-SU-2026:20397-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337...

fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata

...

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

...

fs: ntfs3: check return value of indx_find to avoid infinite loop

...

SUSE CVE-2025-71265

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite lo...

SUSE CVE-2025-71266

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid infinite loop We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...

SUSE CVE-2026-23257

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

PT-2026-26463

Name of the Vulnerable Software and Affected Versions tinytag versions 2.2.0 Description tinytag version 2.2.0 contains an issue where an attacker who can supply MP3 files for parsing can trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-si...

Apache Airflow Security Bypass Vulnerability (CNVD-2026-15157)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from a security bypass vulnerability that stems...

ALSA-2026:5063 Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.7.5-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Fix NULL function pointer dereference for empty external...

validateSignature Loop Variable Capture Signature Bypass in goxmldsig

Details The validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version, there is a loop variable capture issue. The code takes the address of the...

GHSA-479M-364C-43VC validateSignature Loop Variable Capture Signature Bypass in goxmldsig

Details The validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version, there is a loop variable capture issue. The code takes the address of the...