Lucene search
K

11184 matches found

OSV
OSV
added 2026/06/18 4:40 p.m.4 views

SUSE-SU-2026:2460-1 Security update for kubernetes-old

This update for kubernetes-old fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265747. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of servic...

8.7CVSS5.8AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 2:30 p.m.2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS5.9AI score0.00781EPSS
Exploits1References21
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50771

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description An infinite loop Denial of Service DoS occurs during the process-tree walk when a parent process exits during authentication. The function usb get process parent id fails to initialize the ppid...

4.7CVSS5.9AI score0.00104EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Siemens RUGGEDCOM RST2428P Infinite Loop (CVE-2026-23220)

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by nextsmb2rcvhdroff reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In processrequest, if checksignreq returns an error, setsmb2rspstatuswork...

5.5CVSS5.9AI score0.00118EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 1:25 p.m.8 views

EUVD-2026-37704

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS5.5AI score0.00417EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.7 views

Hitachi Energy RTU500 Infinite Loop (CVE-2026-32777)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

5.5CVSS7.2AI score0.00216EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.8 views

ImageMagick < 6.9.13-49 / 7.x < 7.1.2-24 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-49 or 7.x prior to 7.1.2-24. It is, therefore, affected by multiple vulnerabilities: - A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. CVE-2026-48734 - An infinite loop ...

5.5CVSS5.5AI score0.00107EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 9:23 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway

Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.3 Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with ...

7.5CVSS5.4AI score0.00781EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 4:51 p.m.4 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.4 Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host th...

7.5CVSS5.3AI score0.00781EPSS
Exploits0Affected Software6
Snyk
Snyk
added 2026/06/16 2:5 p.m.8 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the processing outlines or bookmarks in writer. An attacker can cause the application to enter an infinite loop ...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.35 views

pypdf: Possible infinite loop when processing outlines/bookmarks in writer

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.3AI score0.00123EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/16 2:5 p.m.7 views

GHSA-M2V9-299J-RV96 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.3AI score0.00123EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/16 2:5 p.m.8 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the font retrieving. An attacker can cause the application to enter an infinite loop by crafting a specially...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.21 views

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/16 2:5 p.m.6 views

GHSA-52X6-GQ3R-VPF4 pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.3AI score0.00123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-49743

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that triggers an infinite loop. This occurs when merging a file containing outlines into a writer. Recommendations Update to...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-49742

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that triggers an infinite loop. This occurs specifically when extracting text in layout mode. Recommendations Update to...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36802

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00186EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 8:16 p.m.12 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS0.00186EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/15 7:10 p.m.7 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.3AI score0.00186EPSS
Exploits0
Rows per page
Query Builder