Important: Red Hat Security Advisory: giflib security update
An update for giflib is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension
A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...
CVE-2026-56365
ImageMagick before 7.1.2-19 contains a memory leak in the PNG encoder when writing MNG images. Exploitation can exhaust memory resources, leading to denial of service. The issue is tied to the PNG encoder implementation (writing MNG images).
CVE-2026-56364
ImageMagick before 7.1.2-13 contains a memory leak in LoadOpenCLDeviceBenchmark() when parsing malformed OpenCL device profile XML files with unclosed device elements. With write access to the OpenCL cache directory, an attacker can place crafted XML files to exhaust memory, causing denial of ser...
CVE-2026-56363
ImageMagick (before 7.1.2-22) is affected by a division-by-zero vulnerability in binomial kernel processing that can trigger a denial-of-service by supplying a large binomial kernel value, causing integer overflow and application crash. Affected component: binomial kernel processing in ImageMagic...
CVE-2026-54696
CVE-2026-54696 affects the Ruby JSON gem, specifically versions 2.9.0 through 2.19.8. The issue is a heap buffer overflow that occurs when the JSON generator handles an oversized streamed object written via JSON.dump(obj, io) or JSON::State#generate(obj, io). If a streamed object contains an atta...
kernel: gfs2: Fix use-after-free in iomap inline data write path
A flaw was found in the Linux kernel's GFS2 filesystem. This memory corruption vulnerability, a use-after-free, occurs in the iomap inline data write path. The issue arises because a data buffer is released prematurely while still being referenced, leading to a write to freed memory. This could...
CVE-2026-57585
The CVE concerns MessagePack for Python (msgpack). Prior to version 1.2.1, reusing an Unpacker after a caught error can trigger an out-of-bounds read/crash, potentially causing a DoS via SEGV. A fix is available in version 1.2.1.
Vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway
Citrix has identified vulnerabilities in NetScaler ADC and NetScaler Gateway that are related to inadequate input validation, incorrect access control, and improper memory release. The vulnerabilities, identified as CVE-2026-8451 and CVE-2026-10817, arise from inadequate input validation, where t...
EUVD-2025-210383
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling...
EUVD-2026-40401
IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...
EUVD-2026-40393
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...
CVE-2026-9002
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
CVE-2026-9002 IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
EUVD-2026-40379
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...
EUVD-2023-50377
RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API...
ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses
A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...