CLSA-2026-1779465893 postgresql: Fix of CVE-2026-6473

CVE-2026-6473: tsearch: bound StartSel/StopSel/FragmentDelimiter length to PGINT16MAX in tsheadline - CVE-2026-6473: contrib/ltree: guard lquery parsing against numvar and totallen wraparound - CVE-2026-6473: regex: add overflow-checked MALLOCARRAY/REALLOCARRAY and bound NFA state/color products...

Oracle Linux 9 : ruby:3.3 (ELSA-2026-18030)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18030 advisory. - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 - Fix possible denial of service in resolv gem...

MiracleLinux 9 : golang-1.18.9-1.el9, go-toolset-1.18.9-1.el9 (AXSA:2023-4904:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4904:01 advisory. golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...

MiracleLinux 8 : ruby:2.5 (AXSA:2024-8560:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8560:01 advisory. rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 CVE-2023-36617 ruby: Buffer overread vulnerability in StringIO...

MiracleLinux 9 : ruby:3.3 (AXSA:2024-8491:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8491:01 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memo...

MiracleLinux 8 : ruby:3.0 (AXSA:2024-8502:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8502:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time...

Linux Distros Unpatched Vulnerability : CVE-2016-9643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service memory consumption as demonstrated in a large number of $ open parenthesis...

Medium: runc

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

Medium: containerd

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

Medium: docker

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

OESA-2025-1055 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...

OESA-2025-1052 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...

Updated golang packages fix security vulnerability

regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880...

AZL-37407 CVE-2022-41715 affecting package golang for versions less than 1.21.6-1

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...

chromium-browser: V8 memory corruption in regex

Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Fedora 14 : glibc-2.12.90-17 (2010-16308)

Implement accurate fma BZ3268, 43358 - Fix alignment of AVX save area on x86-64 BZ12113 - Fix regex memory leaks BZ12078 - Improve output of psiginfo BZ12107, BZ12108 - Don't return NULL address in getifaddrs BZ12093 - Fix strstr and memmem algorithm BZ12092, 641124 - Don't discard result of...