273 matches found
RockyLinux 9 : python3.12 (RLSA-2026:19177)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19177 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...
EUVD-2026-32255
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
UBUNTU-CVE-2026-45971
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOCMAXCACHESIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into expensi...
Astra Linux - уязвимость в apache2
If the Apache HTTP Server 2.4.53 is configured to perform transformations using modsed, especially in contexts where the input to modsed can be very large, modsed may cause excessive memory allocation and trigger an abort...
Astra Linux - уязвимость в golang-github-golang-jwt-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: iavf: Fixed error handling related to adminq. iavfallocasqbufs/iavfallocarqbufs allocate memory for VF mailbox using dmaalloccoherent. DMA regions are freed for both ASQ and ARQ in case an error occurs during the configuration...
SUSE CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
EUVD-2026-28423
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
DEBIAN-CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
UBUNTU-CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...
PT-2026-38564
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Well-crafted inputs reaching the functions ParseAddress, ParseAddressList, and ParseDate can trigger excessive CPU exhaustion and memory allocations, leading to ...
Astra Linux - уязвимость в linux
A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...
CVE-2026-33524
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. This vulnerability is fixed in...
CVE-2026-31602
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture ctxfi driver. When handling memory allocations, the ctvmmap function can attempt to access memory beyond its allocated boundaries if aggregate memory allocations exceed a single page limit. This out-of-bounds access...
CVE-2026-33524
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error Denial of Service. This vulnerability is fixed in...
CVE-2026-21728
Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...
CVE-2026-40303
CVE-2026-40303 (zrok) affects zrok prior to 2.0.1. The flaw is in endpoints.GetSessionCookie, which parses an attacker-supplied cookie chunk count and calls make([]string, count) without an upper bound before token validation. This enables unauthenticated remote attackers to trigger gigabyte-scal...
BIT-GRAFANA-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...