Lucene search
+L

339 matches found

OSV
OSV
added 4 days ago6 views

SUSE-SU-2026:3057-1 Security update for terraform-provider-susepubliccloud

This update for terraform-provider-susepubliccloud fixes the following issues - CVE-2022-41723: go1.19,go1.20: net/http2: quadratic complexity in HPACK decoding bsc1208300. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...

9.6CVSS7AI score0.04561EPSS
Exploits1References22
NVD
NVD
added 2026/07/10 9:16 p.m.4 views

CVE-2026-57220

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00515EPSS
Exploits1References6
CVE
CVE
added 2026/07/10 8:19 p.m.18 views

CVE-2026-57220

RabbitMQ (server) prior to 4.2.6 is vulnerable in the stream listener: during authentication and before Tune negotiation, it does not enforce the configured stream frame-size limit. An unauthenticated remote client can declare oversized frame lengths, potentially exhausting broker memory via rabb...

7.5CVSS6.1AI score0.00515EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/07/10 8:19 p.m.33 views

CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00515EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2026/07/10 12:48 p.m.4 views

Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-random, terraform-provider-susepubliccloud, terraform-provider-tls fixes the following issue...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.12 views

PT-2026-57305

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...

7.5CVSS6.1AI score0.00515EPSS
Exploits1References8
Redos
Redos
added 2026/07/10 12:0 a.m.6 views

ROS-20260710-73-0009

The vulnerability in the HTTP/2 implementation using the Go programming language arises from executing a loop with an unreachable exit condition when processing the value of SETTINGSMAXFRAMESIZE, which is equal to 0. Exploiting this vulnerability could allow a remote attacker to cause a service...

7.5CVSS6.1AI score0.00781EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/09 8:53 a.m.4 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.0031EPSS
Exploits0References4
Redos
Redos
added 2026/07/09 12:0 a.m.7 views

ROS-20260709-73-0023

The vulnerability in the HTTP/2 implementation using the Go programming language arises from executing a loop with an unreachable exit condition when processing the value of SETTINGSMAXFRAMESIZE, which is equal to 0. Exploiting this vulnerability could allow a remote attacker to cause a service...

7.5CVSS6.8AI score0.00781EPSS
Exploits0
OSV
OSV
added 2026/07/06 6:29 a.m.7 views

OESA-2026-2868 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremapprot The only caller of ioremapprot outside of the generic ioremap implementation is genericaccessphys, which passe...

7.8CVSS6AI score0.00135EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.6 views

Security update for ignition (important)

openSUSE security update: security update for ignition ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21108-1 Rating: important References: bsc1265751 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5...

7.5CVSS6.5AI score0.00781EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-53216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path...

9.8CVSS6.1AI score0.00546EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.9 views

thunderbolt: Limit XDomain response copy to actual frame size

...

7.1CVSS5.8AI score0.00242EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : nghttp2 (EulerOS-SA-2026-2494)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

7.5CVSS7.1AI score0.00775EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 1:22 a.m.18 views

CVE-2026-53216

A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability arises from improper handling of the eXpress Data Path XDP frame size, where the system advertises a larger frame size than the actual allocated buffer for short buffer pools. This can allow the bpfxdpadjusttail...

9.8CVSS6AI score0.00546EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES16 Security Update : ignition (SUSE-SU-2026:22181-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22181-1 advisory. This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given b...

7.5CVSS6.8AI score0.00781EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.13 views

CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

7.1CVSS0.00242EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

7.1CVSS5.9AI score0.00242EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.5 views

UBUNTU-CVE-2026-53216

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...

9.8CVSS5.8AI score0.00546EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/25 8:39 a.m.10 views

EUVD-2026-39307

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...

6AI score0.00546EPSS
Exploits0References7
Rows per page
Query Builder