OESA-2026-1991 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation...

OESA-2026-1990 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation...

OESA-2026-1989 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation...

OESA-2026-1940 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007471 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled...

Memory Allocation with Excessive Size Value

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the FlateDecode method when handling streams with a /Predictor value not equal to ...

Memory Allocation with Excessive Size Value

Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the FlateDecode method when handling streams with a /Predictor value not equal to...

GHSA-CPF9-PH2J-CCR9 zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...

GHSA-353C-V8X9-V7C3 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

EUVD-2026-23300

MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport...

SpdyStream: DOS on CRI

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames,...

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

CVE-2026-4151

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

Python 安全漏洞

Python is an open-source, object-oriented programming language developed by the Python Foundation. This language features extensibility, support for modules and packages, and compatibility with multiple platforms. Python has security vulnerabilities; one of these vulnerabilities arises from reusi...

PT-2026-32423

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

EUVD-2018-21770

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

GHSA-HM63-VWJ4-MJ2Q Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling...

Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling...

Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007099 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...