11984 matches found
CVE-2026-26931
Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...
CVE-2026-26940
The CVE concerns Kibana’s Timelion visualization plugin, where improper validation of a specified quantity (input) by an authenticated user can cause a Denial of Service through excessive allocation. The underlying issue is validated quantity handling leading to overwriting internal series data p...
CVE-2026-26931
CVE-2026-26931 affects Metricbeat’s Prometheus remote_write HTTP handler. The issue is a memory allocation with an excessive size value, leading to Denial of Service. Public references (OSV/GHSA/Nessus) describe Metricbeat (8.0.x–8.19.12/9.0.x–9.2.4 ranges) as affected and indicate remediation by...
CVE-2026-26931
Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...
CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...
CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...
Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)
Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130. Affected Versions: 8.x: All versions...
EUVD-2026-13099
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
CVE-2026-4426 concerns libarchive’s zisofs decompression logic where an ISO9660 Rock Ridge extension field pz_log2_bs is not properly validated. This Undefined Behavior can lead to incorrect memory allocation and a denial-of-service via crafted ISO files, with remote attack vector and user intera...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
nvme: fix memory allocation in nvme_pr_read_keys()
...
USN-8103-2: Exiv2 regression
USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
SUSE CVE-2026-23244
In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. The upper limit is PRKEYSMAX 64K. A malicious or buggy userspace can...
Elastic Metricbeat 安全漏洞
Elastic Metricbeat is an metrics collector developed by the Dutch company Elastic. There is a security vulnerability in Elastic Metricbeat, which stems from an issue with the Prometheus remotewrite HTTP processor, where excessive memory allocation values may lead to denial-of-service attacks due ...
ImageMagick Buffer Overflow Vulnerability (CNVD-2026-16617)
ImageMagick is ImageMagick open source set of open source image processing software. Can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates beyond the end of the write stack buffer when a memory allocation failure occurs...
PT-2026-26314
Name of the Vulnerable Software and Affected Versions Metricbeat affected versions not specified Description A memory allocation issue exists within the Prometheus remote write HTTP handler in Metricbeat. This issue, categorized as excessive allocation CAPEC-130, can lead to a denial of service...
openSUSE 16 Security Update : docker-stable (openSUSE-SU-2026:20366-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20366-1 advisory. - CVE-2025-58181: Fixed unbounded memory consumption. bsc1253904 - CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocatio...