13 matches found
CVE-2026-43618
A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
NATS Server panic via malicious compression on leafnode port
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When configured to accept leafnode connections for a hub/spoke topology of multiple nats-servers, then the default configuration allows for...
NULL Pointer Dereference
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the compression process on the leafnode port. An attacker can...
PT-2026-27612
Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.14 NATS-Server versions prior to 2.12.5 Description NATS-Server, a high-performance messaging system, is susceptible to a server panic when configured as a leafnode. This occurs pre-authentication and require...
Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07)
Elasticsearch yawkat LZ4 Java - CVE-2025-66566 ESA-2026-07 An Information Disclosure vulnerability CVE-2025-66566 exists in the yawkat LZ4 Java library used by Elasticsearch that allows an attacker to read previous buffer contents through specially crafted compressed input sent via the transport...
PT-2024-40073 · Apache +1 · Apache +1
Name of the Vulnerable Software and Affected Versions: ibexa post-install versions prior to the patched versions Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...
PT-2024-40372 · Varnish +1 · Varnish +1
Name of the Vulnerable Software and Affected Versions: ezplatform-http-cache affected versions not specified Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...
Microsoft SMBv3 compression remote code execution vulnerability
Overview Microsoft SMBv3 contains a vulnerability in the handling of compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. This vulnerability is being referred to as "SMBGhost and CoronaBlue." Description Microsoft Server Message Block...
PT-2018-9415 · Aaugustin +1 · Uwebsockets +1
Name of the Vulnerable Software and Affected Versions: aaugustin websockets versions 4.0 through 4.0 Description: The issue is related to improper handling of highly compressed data, which can result in Denial of Service by memory exhaustion. This can be exploited by sending a specially crafted...