Lucene search
+L

422 matches found

cvelist
cvelist
added 2 days ago26 views

CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS0.00305EPSS
Exploits0References4
nvd
nvd
added 6 days ago6 views

CVE-2026-55781

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...

2.4CVSS0.00112EPSS
Exploits0References3
euvd
euvd
added 6 days ago6 views

EUVD-2026-42957

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
cve
cve
added 6 days ago9 views

CVE-2026-55781

The CVE affects NanaZip (7-Zip derivative) prior to version 6.5.1749.0, specifically the UFS/FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp. The root cause is that superblock considerations validate the block size only against MINBSIZE and do not validate the fs_fsize fragment size, allowing...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
osv
osv
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2840 nilfs-utils security update

Userspace utilities for creating and mounting NILFS v2 filesystems. Security Fixes: NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images...

6.7CVSS5.9AI score0.00105EPSS
Exploits0References2
nessus
nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-8720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When...

7.5CVSS6AI score0.00111EPSS
Exploits0References3
mscve
mscve
added 2026/06/27 8:9 a.m.7 views

thunderbolt: Bound root directory content to block size

...

7.1CVSS5.8AI score0.00126EPSS
Exploits0
euvd
euvd
added 2026/06/26 12:32 a.m.9 views

EUVD-2026-39579

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS5.9AI score0.00111EPSS
Exploits0References3
nvd
nvd
added 2026/06/25 10:17 p.m.11 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS0.00111EPSS
Exploits0References2
osv
osv
added 2026/06/25 10:17 p.m.4 views

DEBIAN-CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References1
osv
osv
added 2026/06/25 10:17 p.m.5 views

UBUNTU-CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/25 9:18 p.m.7 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS5.9AI score0.00111EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/06/25 9:18 p.m.26 views

CVE-2026-8720

CVE-2026-8720 affects wolfSSL’s HMAC-BLAKE2 APIs (wc_Blake2bHmacFinal, wc_Blake2sHmacFinal). When the supplied key length exceeds the BLAKE2 block size, the key-hashing branch reinitializes the running hash state and discards accumulated message data, causing the MAC to depend only on the key and...

7.5CVSS5.9AI score0.00111EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/25 9:18 p.m.26 views

CVE-2026-8720 HMAC-BLAKE2 final discards message when key length exceeds block size

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

5.9CVSS0.00111EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/06/25 9:18 p.m.8 views

CVE-2026-8720

wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the BLAKE2 block size the key-hashing branch reinitialized the running hash state, discarding the...

7.5CVSS5.8AI score0.00111EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

7.1CVSS0.00126EPSS
Exploits0References8
osv
osv
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

7.1CVSS5.7AI score0.00126EPSS
Exploits0References11
debiancve
debiancve
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

7.1CVSS5.6AI score0.00126EPSS
Exploits0
euvd
euvd
added 2026/06/25 8:38 a.m.6 views

EUVD-2026-39240

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

5.7AI score0.00126EPSS
Exploits0References8
cve
cve
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53149

CVE-2026-53149 affects the Linux kernel Thunderbolt code path, where __tb_property_parse_dir() may read beyond the root directory block due to missing bounds checks on content_offset/content_len. The issue could allow reading past a directory block, with high impact to confidentiality and availab...

7.1CVSS5.7AI score0.00126EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder