413 matches found
CVE-2026-42006
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...
PT-2026-40030
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can cause uncontrolled memory usage via excessive bracing over IMAP. A previous fix was incomplete as it only blocked closing braces, allowing the memory limit to be bypassed using op...
OESA-2026-2219 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...
OESA-2026-2217 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads wi...
PT-2026-39154
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE UPLOAD MAX MEMORY SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit...
CVE-2026-43240
A flaw was found in the Linux kernel's x86/kexec component. When a second-stage kernel is booted with a memory-limiting command, the Integrity Measurement Architecture IMA kexec buffer may be located outside the accessible memory range. This can lead to a kernel panic, effectively causing a Denia...
CVE-2026-43129
A flaw was found in the Linux kernel's Integrity Measurement Architecture IMA subsystem. When a second-stage kernel is booted via kexec with a memory-limiting command line, the IMA measurement buffer from the previous kernel may fall outside the new kernel's addressable memory. This out-of-bounds...
CVE-2026-43129
The CVE-2026-43129 issue stems from the Linux kernel IMA subsystem: when booting a second-stage kernel via kexec with a memory-limited command line, the IMA measurement buffer from the previous kernel could lie outside the new kernel’s addressable RAM, causing an early-page fault on x86_64. The f...
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...
EUVD-2026-27381
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
Django has an Improper Handling of Length Parameter Inconsistency
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
PYSEC-2026-54
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to b...
CVE-2026-5766
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
CVE-2026-5766
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
CVE-2026-5766
CVE-2026-5766 affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. An ASGI request with a missing or understated Content-Length can bypass FILE_UPLOAD_MAX_MEMORY_SIZE, potentially loading large files into memory and degrading service. The issue is mitigated by applying the patched releases (6.0...
CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
CVE-2026-31602
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CTPTPNUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...
CVE-2026-41309 Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing
Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...
CVE-2026-41309 Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing
Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...
Security update for python-Django (important)
openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20578-1 Rating: important References: bsc1261722 bsc1261724 bsc1261729 bsc1261731 bsc1261732 Cross-References: CVE-2026-33033 CVE-2026-33034...