1422 matches found
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...
GHSA-6P9P-Q6WH-9J89 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion (availability impact). The Split function reads the first tar header,...
PT-2026-6268
Name of the Vulnerable Software and Affected Versions: apko versions 0.14.8 through 1.0.9. Description: apko is a tool for building and publishing OCI container images from apk packages. A flaw exists in the expandapk.Split function where it drains the first gzip stream of an APK archive without...
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams
expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion (availability impact). The Split function reads the first tar header,...
Fedora 43 : cef (2026-c5295ae3b9)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c5295ae3b9 advisory. Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 rhbz2432335 CVE-2026-1220: Race in V8 CVE-2026-0899: Out of bounds memory access in V8...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11754)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error in split-screen view, which can be exploited by an attacker to bypass security restrictions...
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004949)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004949 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the...
SUSE-SU-2026:20125-1 Security update for python313
This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response bsc1254400 -...
SUSE-SU-2026:20154-1 Security update for python313
This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response bsc1254400 -...
OPENSUSE-SU-2026:20081-1 Security update for python313
This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response bsc1254400 -...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38040)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38040 advisory. - In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into...
Azure Linux 3.0 Security Update: coreutils (CVE-2024-0684)
The version of coreutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0684 advisory. - A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple...
ROS-20260122-73-0017
A vulnerability in the Split View component of Google Chrome browser is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow a remote attacker to spoof the user interface using a specially crafted domain name...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23150)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23150 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38084)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38084 advisory. - In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during...