
1889 matches found

OSV
added 2026/03/03 10:17 p.m. | 3 views

CLSA-2026-1772576264 containernetworking-plugins: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

CVSS 10 | AI score 5.9 | EPSS 0.00789
Exploits 3 | References 1

Snyk
added 2026/03/02 10:32 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in handling inbound media downloads across multiple channels, where configured byte limits are not consistently enforced before...

CVSS 8.7 | AI score 6 | EPSS 0.00543
Exploits 0 | References 2

RedhatCVE
added 2026/03/02 12:42 p.m. | 6 views

CVE-2026-28351

A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to excessive memory consumption. This occurs specifically when processing the content stream using the RunLengthDecode...

CVSS 6.9 | AI score 5.8 | EPSS 0.00423
Exploits 0 | References 7

RedHat Linux
added 2026/03/02 2:56 a.m. | 5 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00643
Exploits 1 | References 8

RedHat Linux
added 2026/03/02 1:23 a.m. | 3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00643
Exploits 1 | References 8

Tenable Nessus
added 2026/03/02 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large...

CVSS 6.9 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 3

Veracode
added 2026/02/28 5:14 a.m. | 5 views

Denial Of Service

pypdf is vulnerable to Denial of Service. The vulnerability is due to an attacker crafting a PDF with unusually large values in the /ToUnicode entry of a font, where parsing this entry leads to long runtimes and large memory consumption, and how attackers can exploit it by using this vulnerabilit...

CVSS 6.9 | AI score 5.3 | EPSS 0.00168
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/02/27 9:16 p.m. | 7 views

CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 6.9 | EPSS 0.00423
Exploits 0 | References 4

OSV
added 2026/02/27 9:16 p.m. | 2 views

DEBIAN-CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 5.3 | AI score 5.3 | EPSS 0.00423
Exploits 0 | References 1

Debian CVE
added 2026/02/27 8:59 p.m. | 4 views

CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00423
Exploits 0

CNNVD
added 2026/02/27 12:0 a.m. | 4 views

pypdf Resource Management Error Vulnerability

pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.7.4 of pypdf, there was a resource management vulnerability due to improper handling of specially crafted PDF files during...

CVSS 6.9 | AI score 5.8 | EPSS 0.00423
Exploits 0 | References 4

Positive Technologies
added 2026/02/27 12:0 a.m. | 3 views

PT-2026-22400

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.7.4. Description: The pypdf library is susceptible to a resource exhaustion issue. An attacker can create a specially crafted PDF file that causes excessive memory usage when processed using the RunLengthDecode filter...

CVSS 6.9 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 25

OSV
added 2026/02/26 8:47 a.m. | 6 views

BIT-MONGODB-2026-1850 An authorized user may disable the MongoDB server by issuing a certain type of complex query due to boolean expression simplification

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

CVSS 7.5 | AI score 5.4 | EPSS 0.00243
Exploits 0 | References 2

OSV
added 2026/02/25 5:21 p.m. | 6 views

CLSA-2026-1772040065 grafana-pcp: Fix of 2 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els5 to fix the following CVEs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages...

CVSS 7.5 | AI score 7.1 | EPSS 0.00789
Exploits 2 | References 1

OSV
added 2026/02/25 5:7 p.m. | 11 views

CLSA-2026-1772039226 golang: Fix of 2 CVEs

CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61732: prevent cgo code smuggling by removing user-controlled content from documentation strings in generated ASTs...

CVSS 8.6 | AI score 7 | EPSS 0.00789
Exploits 0 | References 1

RedHat Linux
added 2026/02/25 11:48 a.m. | 6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00643
Exploits 1 | References 8

RedHat Linux
added 2026/02/25 11:30 a.m. | 3 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00643
Exploits 1 | References 8

OSV
added 2026/02/24 3:44 p.m. | 3 views

GHSA-V7G2-M8C5-MF84 ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder

A crafted SVG file containing a malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer...

CVSS 7.5 | AI score 5.5 | EPSS 0.00396
Exploits 0 | References 5

RedHat Linux
added 2026/02/24 11:39 a.m. | 2 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00643
Exploits 1 | References 8

OSV
added 2026/02/20 10:16 p.m. | 0 views

UBUNTU-CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | AI score 5.8 | EPSS 0.00168
Exploits 0 | References 6