5254 matches found
Important: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
CVE-2026-56375 ImageMagick - Memory Leak in ASHLAR Coder Action Failure
ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service...
EUVD-2025-210469
A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...
CVE-2026-49476 Soup Sieve: Memory Exhaustion via Large Comma-Separated Selector Lists in soupsieve
Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an attacker who can supply a crafted selector string to soupsieve.compile o...
.NET Denial of Service Vulnerability
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...
EUVD-2026-43601
An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...
CVE-2025-56363
A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...
crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries
A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...
Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite
A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...
RockyLinux 10 : podman (RLSA-2026:37072)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:37072 advisory. golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate CVE-2026-39835 golang.org/x/crypto/ssh:...
RockyLinux 9 : gstreamer1-plugins-bad-free (RLSA-2026:36834)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:36834 advisory. gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tilelistobu parser byte/bit confusion CVE-2026-52718 gstreamer1-plugins-bad-free:...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Go Cryptography vulnerabilities (USN-8519-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8519-1 advisory. Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. A...
CVE-2026-15276
A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this...
CVE-2026-57027
CVE-2026-57027 affects Juniper Networks Junos OS on EX4100 and EX4400 in sFlow VC deployments. When multicast traffic is exchanged between VC members, a memory leak in the packet forwarding engine (pfe) can cause an FPC crash and restart, leading to DoS for unauthenticated adjacent attackers. Aff...
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.
Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)
The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update
Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...
kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...
CVE-2026-60000
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...