Integer Overflow or Wraparound

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...

Integer Overflow or Wraparound

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

CVE-2026-39830

CVE-2026-39830 describes a vulnerability in golang.org/x/crypto/ssh where a malicious SSH peer can send unsolicited global request responses to fill an internal buffer, causing the connection read loop to block. The blocked goroutine cannot be released by Close(), leading to a per-connection reso...

EUVD-2026-31397

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

CVE-2026-39834

CVE-2026-39834 concerns a flaw in golang.org/x/crypto/ssh where writing data larger than 4GB in a single Write on an SSH channel triggers an integer overflow in the internal payload size calculation. The overflow causes the write loop to spin indefinitely, sending empty packets and making no prog...

GO-2026-5020 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

Unity Linux 20.1060e / 20.1070e Security Update: xerces-j2 (UTSA-2026-016680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016680 advisory. There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser t...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an integer overflow in the calculation of the internal payload size when writing dat...

Linux Distros Unpatched Vulnerability : CVE-2026-32739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory. Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could...

@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty

Summary The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys proto, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...

GHSA-X7J8-49R8-MR43 @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty

Summary The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys proto, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...

USN-8293-1 bind9 vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

USN-8293-1: Bind vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

RLSA-2025:14560 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,...

SUSE-SU-2026:21742-1 Security update for util-linux

This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop devices bsc1261606...

SUSE-SU-2026:21727-1 Security update for util-linux

This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop devices bsc1261606...

EUVD-2026-31267

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...