41 matches found
CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...
SUSE CVE-2026-46229
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...
CVE-2026-46229
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...
UBUNTU-CVE-2026-46229
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...
UBUNTU-CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the coapdtlsgeneratecookie function. An attacker can cause the application to crash by sending a specially crafted DTLS handshake that results in SSLgetSSLCTX returning NULL. Remediation Upgrade libcoap to...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the coapdtlsgeneratecookie function. An attacker can cause the application to crash by sending a specially crafted DTLS handshake that results in SSLgetSSLCTX returning NULL. Remediation Upgrade libcoap to...
AZL-68781 CVE-2025-59530 affecting package coredns for versions less than 1.11.1-24
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
UBUNTU-CVE-2025-59530
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
Linux Distros Unpatched Vulnerability : CVE-2022-38153
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
SUSE CVE-2024-0743
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.9, and Thunderbird 115.9...