NewStart CGSL MAIN 7.02 : brotli Vulnerability (NS-SA-2026-0038)
The remote NewStart CGSL host, running version MAIN 7.02, has brotli packages installed that are affected by a vulnerability: - Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against...
CVE-2026-33155
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler `_RestrictedUnpickler` validates which classes can be loaded but does not limit their constructor arguments. A few of the types in `SAFE_TO_IMPORT` have...
OPENSUSE-SU-2026:20396-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243867). - CVE-2024-43806: Fixed memory explosion in rustix (bsc#1229950)...
SUSE-SU-2026:20910-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243867). - CVE-2024-43806: Fixed memory explosion in rustix (bsc#1229950)...
PT-2026-21803
Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 3.1.0. Description: The use of the fiber flash cookie can lead to an unbounded allocation on any server. A specially crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory through unvalidat...
Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.52.12. - CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded (bsc#1243867). - CVE-2024-43806: rustix:...
SUSE-SU-2025:4411-1 Security update for librsvg
This update for librsvg fixes the following issues: Update to version 2.52.12. - CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded (bsc#1243867). - CVE-2024-43806: rustix:...
OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
Summary: JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...
CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...
SUSE-SU-2025:20858-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - CVE-2025-55159: slab: incorrect bounds check in `get_disjoint_mut` function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006) - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in...
EUVD-2023-2715
Malicious code in bioql PyPI...
SUSE-SU-2025:02811-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection (bsc#1247193) - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344)...
CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
Azure Linux 3.0 Security Update: flux / kata-containers / kata-containers-cc / rust / virtiofsd (CVE-2024-43806)
The version of flux / kata-containers / kata-containers-cc / rust / virtiofsd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43806 advisory. - Rustix is a set of safe Rust bindings to POSIX-ish...
`rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
...
CBL Mariner 2.0 Security Update: flux / kata-containers / kata-containers-cc / rust / virtiofsd (CVE-2024-43806)
The version of flux / kata-containers / kata-containers-cc / rust / virtiofsd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43806 advisory. - Rustix is a set of safe Rust bindings to POSIX-ish...
SUSE CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
AZL-48324 CVE-2024-43806 affecting package kata-containers-cc for versions less than 3.2.0.azl2-7
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
DEBIAN-CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
AZL-48318 CVE-2024-43806 affecting package virtiofsd for versions less than 1.8.0-3
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...