CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

SUSE CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

SUSE CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVE-2026-46344 liboqs: Heap-buffer-overflow in XMSS verification path via OID-controlled parameter mismatch (xmss_commons.c:194)

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

Astra Linux - уязвимость в gnutls28

A flaw was discovered in GnuTLS. There exists a double-free vulnerability in GnuTLS due to incorrect handling of ownership in the export logic of Subject Alternative Name SAN entries that contain an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an...

Astra Linux - уязвимость в net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use an improperly formatted OID in a SET request to the nsVacmAccessTable, causing a NULL pointer derefrence. Version 5.9.2 includes a patch to addre...

Astra Linux - уязвимость в linux-5.10, linux

In rndisqueryoid in drivers/net/wireless/rndiswlan.c within the Linux kernel, from version 6.1.5 onwards, there is an integer overflow in a mathematical operation...

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

CVE-2026-44167

phpseclib contains a mitigation bypass for CVE-2024-27355 in the OID handling path (ASN1::decodeOID). Prior to versions 1.0.29, 2.0.54, and 3.0.52, loading untrusted ASN.1 data (e.g., X.509 certificates, RSA keys) could trigger a denial-of-service. The vulnerability is fixed in 1.0.29, 2.0.54, an...

GHSA-F2QX-66WF-WVVX phpseclib guardrails needed on OID length

Impact Any application using that loads untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. Patches https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 Workarounds No. Resources...

phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

Impact Anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc Patches https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc Workarounds No. References...

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pyasn1 (UTSA-2026-014296)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014296 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID wi...

Exploit for Improper Certificate Validation in Wolfssl

CVE-2026-5194 - Security Vulnerability Quick Usage bas...

Unity Linux 20.1070a Security Update: resource-agents (UTSA-2026-007291)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007291 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID wi...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial-of-Service in pyasn1 [CVE-2026-23490]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial-of-Service in pyasn1, caused by memory exhaustion from malformed RELATIVE-OID with excessive continuation octets CVE-2026-23490. Pyasn1 is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please rea...

EUVD-2026-21228

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...