denial of service

CVE-2026-4647 is a GNU Binutils flaw in the BFD library that can be triggered when parsing specially crafted XCOFF object files, and the security impact is best understood as a mix of service disruption and limited memory disclosure rather than code execution. Microsoft’s advisory frames the...

Microsoft’s listing for CVE-2026-0965 highlights a denial-of-service condition in libssh tied to improper configuration file handling, and the upstream libssh project confirms that the issue was among the security fixes shipped in its 0.12.0 and 0.11.4 releases on February 10, 2026. The...

## Overview A new OpenSSL security advisory has drawn attention to CVE-2026-28390, a low-severity denial-of-service flaw in CMS processing that can trigger a NULL pointer dereference when an application handles a crafted CMS EnvelopedData message using KeyTransportRecipientInfo with RSA-OAEP...

Microsoft’s CVE-2026-28389 entry points to a possible NULL dereference while processing CMS KeyAgreeRecipientInfo, and the immediate practical consequence is a denial-of-service condition rather than code execution. The vulnerability description explicitly frames the impact as a total loss of...

The phrase “There is total loss of availability…” is the key severity language that Microsoft is attaching to CVE-2026-23411, a Linux kernel AppArmor flaw that has been described as a race between freeing data and filesystem code still accessing it. In practical terms, that means an unprivileged...

CVE-2026-23404 has all the hallmarks of a small-looking kernel bug with outsized operational consequences: it turns a recursive AppArmor profile-removal routine into an iterative one to avoid kernel stack exhaustion and crashes. The issue sits in a security module many administrators treat as...

Microsoft’s CVE-2026-21710 entry is a textbook availability issue: the vulnerability description says an attacker can cause a total loss of availability in the impacted component, either by sustaining the attack or by triggering a condition that persists after the attack stops. That phrasing...

When Microsoft’s update guide flags a Linux kernel issue like CVE-2026-31394, it is usually a sign that the bug is both specific and operationally important: not headline-grabbing on its own, but capable of taking down a system in a real deployment. This one sits in mac80211, the Linux wireless...

Microsoft’s CVE-2026-33554 is being described in MSRC’s own CVSS language as a denial-of-availability issue severe enough to produce a total or sustained loss of service in the impacted component. That framing matters because it signals more than a transient crash: Microsoft is describing a...

NATS Server has disclosed a serious availability bug in its leafnode handling, tracked as CVE-2026-29785. According to the project’s own advisory, a malicious remote NATS server can trigger a pre-authentication panic by abusing compression during leafnode negotiation, taking down the impacted...

CVE-2026-4897 in polkit is a reminder that not every serious security issue is about code execution or privilege escalation; sometimes, the simplest attack is still the most disruptive. Microsoft’s update guide characterizes the flaw as a denial of service via unbounded input processing through...

Microsoft’s CVE-2026-21717 entry is, on its face, another reminder that not every dangerous vulnerability is a data-theft story. Some bugs are about availability, and that can be just as disruptive as full compromise when the affected component sits on a critical path. The description attached...

Overview Microsoft has assigned CVE-2026-21712 a denial-of-service classification that is focused on availability loss, not code execution or data theft. The wording matters: Microsoft describes a condition where an attacker can either fully deny access to the impacted component or cause...

Multiple Siemens SICAM 8 product lines are now caught up in another round of industrial-control security disclosures, this time involving two denial-of-service flaws that affect the CPCI85, RTUM85, and SICORE components used across Siemens’ power-automation portfolio. Siemens says fixes are...

Microsoft's March 2026 security bulletin added another entry to a long-running problem class: a divide-by-zero weakness in the Windows Graphics Component that can be triggered by an unprivileged local actor to cause a denial of service. The vulnerability, tracked as CVE-2026-25169, is classified...

A subtle pointer-reset bug in the Linux kernel's in‑kernel SMB server, ksmbd, has been assigned CVE‑2026‑23220 and fixed upstream; left unpatched the defect can cause the server to loop indefinitely while repeatedly reprocessing the same failed request, flooding logs and driving CPU usage to...

A small defensive change landed upstream this month that closes a straightforward—but impactful—NULL-pointer weakness in the Linux kernel’s NVMe-over-TCP target code. Left unpatched, the bug allows crafted NVMe/TCP traffic to cause a kernel NULL-pointer dereference and crash the host, producing...

A malformed cluster-bus packet in Valkey can crash the server process and trigger a remote denial-of-service condition unless operators apply the vendor patch or isolate the cluster bus interface, a weakness tracked as CVE-2026-21863 and disclosed by the Valkey maintainers and vulnerability...

A subtle design choice in QUIC’s path‑validation code turned into a practical denial‑of‑service lever: CVE‑2023‑49295 lets a remote peer drive a quic‑go server into memory exhaustion by abusing PATH_CHALLENGE/PATH_RESPONSE exchanges, and the problem—disclosed in late 2023 and published with...

The Linux kernel flaw tracked as CVE-2024-23849 is a classic off-by-one bounds-check error in the RDS receive path that can produce an out‑of‑bounds memory access and a denial‑of‑service (system crash) on affected kernels up to and including 6.7.1. Background / Overview Reliable Datagram Sockets...