Security update for python-Pillow

This update for python-Pillow fixes the following issue CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs bsc1265154. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2026:1842-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs bsc1265154...

CVE-2026-43486 arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to detect no-ops. ptepget ORs AF/dirty from all sub-PTEs in the CONT...

CVE-2026-43486

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to detect no-ops. ptepget ORs AF/dirty from all sub-PTEs in the CONT...

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...

CLSA-2026-1778661840 skopeo: Fix of CVE-2024-24786

CVE-2024-24786: fix infinite loop in vendored google.golang.org/protobuf protojson.Unmarshal on malformed JSON by handling EOF in skipJSONValue and rejecting ObjectClose after a Name token in Decoder.Read...

OPENSUSE-SU-2026:20745-1 Security update for php8

This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...

PT-2026-40608

Name of the Vulnerable Software and Affected Versions bandit versions 1.6.1 through 1.11.0 Description An infinite loop in the do read chunked data!/5 function within lib/bandit/http1/socket.ex allows unauthenticated remote attackers to cause a denial of service via worker process exhaustion. The...

PT-2026-40628

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP MSP::loop, AP MSP, AP MSP.cpp components...

RHEL 8 : freerdp (RHSA-2026:16777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16777 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

CVE-2024-51394

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APMSP::loop, APMSP, APMSP.cpp components...

PT-2026-40701

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP SmartAudio::loop, AP SmartAudio, AP SmartAudio.cpp components...

CVE-2024-51394

CVE-2024-51394 describes a Buffer Overflow in the ArduPilot Copter project (referenced as Ardupiot Copter in the sources) triggered by the code path through the AP_MSP::loop in AP_MSP.cpp. The vulnerability is exploitable by a local attacker and results in a denial of service. The CVSS 3.1 vector...