515833 matches found
CVE-2026-56812
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
CVE-2026-56811
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
CVE-2026-56812
This CVE affects Phoenix JS Presence (presence.js) with an unsafe existence check (state[key]) in Presence.syncState/Presence.syncDiff. Attacker-chosen keys that collide with Object.prototype cause the lookup to return Object.prototype, misclassify as existing, and read .metas.map(...) leading to...
CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
EUVD-2026-42050
Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...
CVE-2026-14940
A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...
CVE-2026-56811
The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...
EEF-CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll...
CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
EUVD-2026-42049
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
CVE-2026-14940
Affected software/component: 389 Directory Server (389-ds-base). Vulnerability: heap-buffer-overflow in DN normalization when processing a legacy-quoted value encoding a multivalued nested RDN, causing writes past the end of a heap allocation. Attack scenario: an unauthenticated remote attacker c...
CVE-2026-14940 389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn
A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...
EUVD-2026-42042
A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...
389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...
389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...
389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...