12017 matches found
CLSA-2026-1774999144 ImageMagick: Fix of 7 CVEs
CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
CLSA-2026-1774997937 ImageMagick: Fix of 7 CVEs
CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...
K000160551: OpenSSL vulnerability CVE-2025-66199
Security Advisory Description Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of ...
EUVD-2026-17405
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...
CVE-2026-24030 Unbounded memory allocation for DoQ and DoH3
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...
CVE-2026-24030
DNSdist (DNS load balancer) has a vulnerability CVE-2026-24030 where processing DNS over QUIC or DNS over HTTP/3 payloads may allocate unbounded memory, potentially causing denial of service and, in some cases, an out-of-memory state. Debian’s advisory notes a fix in dnsdist for stable (trixie) v...
DNSdist -- vulnerabilities
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports: CVE-2026-0396: HTML injection in the web dashboard CVE-2026-0397: Information disclosure via CORS misconfiguration CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua CVE-2026-24029: DN...
OPENSUSE-SU-2026:20449-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 -...
Grafana Testdata datasource can issue unbounded memory allocations
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
SUSE CVE-2026-27858
Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...
SUSE CVE-2026-32941
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...
UBUNTU-CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
CVE-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
OESA-2026-1705 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Race...
CVE-2026-27858
Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...
CVE-2026-27858
CVE-2026-27858 affects the managesieve component. An attacker can send a specially crafted message before authentication that causes managesieve to allocate a large amount of memory, and can force the managesieve-login process to become unavailable by repeated crashes. The practical impact is pot...
Grafana -- Grafana Testdata datasource can issue unbounded memory allocations
https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be used to trigger out-of-memory crashes in Grafana...