
41 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-016794)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016794 advisory. An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s substitution rules. Th...

CVSS 5.5 | AI score 5.8 | EPSS 0.00139
Exploits: 1 | References: 4

ATTACKERKB
added 2026/04/22 9:37 a.m. | 4 views

CVE-2026-33257

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

CVSS 5.3 | AI score 5.8 | EPSS 0.00514
Exploits: 0 | References: 4 | Affected Software: 3

OSV
added 2026/04/13 7:22 p.m. | 2 views

GHSA-WHJ4-6X5X-4V2J FITS GZIP decompression bomb in Pillow

Impact Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service OOM crash or severe performance degradation...

CVSS 8.7 | AI score 5.8 | EPSS 0.00485
Exploits: 0 | References: 6

Cvelist
added 2026/03/31 1:46 p.m. | 23 views

CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

CVSS 5 | EPSS 0.00147
Exploits: 0 | References: 2

SUSE Linux
added 2026/03/27 9:4 a.m. | 9 views

Security update for python312

This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

CVSS 8.7 | AI score 7 | EPSS 0.01468
Exploits: 0 | References: 40

Tenable Nessus
added 2026/03/17 12:0 a.m. | 5 views

EulerOS Virtualization 2.12.1 : libvirt (EulerOS-SA-2026-1470)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

CVSS 5.5 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/17 12:0 a.m. | 9 views

PT-2026-25969

Name of the Vulnerable Software and Affected Versions Next.js versions 16.0.1 through 16.1.6 Description Next.js, a React framework for building full-stack web applications, is affected by an issue where requests containing the next-resume: 1 header can lead to excessive memory usage and potentia...

CVSS 7.8 | AI score 5.7 | EPSS 0.00483
Exploits: 0 | References: 14

Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...

CVSS 7.5 | AI score 6.7 | EPSS 0.01468
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2026-1340)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s...

CVSS 5.5 | AI score 6.1 | EPSS 0.00139
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/07 1:44 a.m. | 4 views

CVE-2026-29612

OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.00274
Exploits: 0 | References: 1

Microsoft CVE
added 2026/02/27 9:1 a.m. | 7 views

nats-server websockets are vulnerable to pre-auth memory DoS

...

CVSS 7.5 | AI score 5.9 | EPSS 0.00478
Exploits: 0

Rosalinux
added 2026/02/16 12:24 p.m. | 12 views

Advisory ROSA-SA-2026-3202

Software: tcpdump 4.9.3 OS: ROSA Virtualization 2.1 unaffected versions = tcpdump-4.9.3-5.rv3 affected versions tcpdump-4.9.3-5.rv3 CVE-ID: CVE-2021-41043 BDU-ID: 2025-16161 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the extractslice function of the network traffic analysis software tcpdump i...

CVSS 5.5 | AI score 7.1 | EPSS 0.0087
Exploits: 1

Tenable Nessus
added 2026/01/15 12:0 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003326)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003326 advisory. The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption by leveraging incorrect tracking of...

CVSS 6.2 | AI score 6.5 | EPSS 0.006
Exploits: 0 | References: 17

F5 Networks
added 2026/01/13 6:2 p.m. | 9 views

K000159078: Podman vulnerability CVE-2024-3056

Security Advisory Description A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will...

CVSS 7.7 | AI score 6.6 | EPSS 0.00514
Exploits: 0

OSV
added 2025/12/03 2:35 p.m. | 4 views

BIT-ACTIVEMQ-2025-27533 Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...

CVSS 7.5 | AI score 6.4 | EPSS 0.08594
Exploits: 2 | References: 4

OSV
added 2025/10/07 7:31 p.m. | 1 views

CVE-2025-61910 NASA ION-DTN BPv7 4.1.3s Uncontrolled Memory Allocation that leads to Denial-of-Service

The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service DoS. The...

CVSS 7.5 | AI score 7.1 | EPSS 0.00323
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-25694

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.3 | EPSS 0.00681
Exploits: 2 | References: 5

IBM Security Bulletins
added 2025/08/11 1:40 p.m. | 2 views

Security Bulletin: Astronomer with IBM is vulnerable to memory consumption and denial of service due to the net/http package (CVE-2021-44716, CVE-2022-27664)

Summary net/http is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...

CVSS 7.5 | AI score 6.8 | EPSS 0.03958
Exploits: 0 | Affected Software: 1

OSV
added 2025/05/23 1:52 p.m. | 4 views

USN-7529-1 tika vulnerabilities

It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-1950, CVE-2020-1951 It was discovered that Apache Tika...

CVSS 5.5 | AI score 6.8 | EPSS 0.02723
Exploits: 0 | References: 6

OSV
added 2024/08/16 11:8 a.m. | 2 views

OESA-2024-2002 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumera...

CVSS 9.8 | AI score 8 | EPSS 0.01258
Exploits: 0 | References: 7