Lucene search
K

792 matches found

OSV
OSV
added yesterday2 views

GHSA-5XRH-QMMQ-W6CH Netty: SCTP reassembly nests buffers without bound

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

7.5CVSS5.7AI score
Exploits0References4
NVD
NVD
added yesterday2 views

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS
Exploits0References3
OSV
OSV
added yesterday2 views

DEBIAN-CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS5.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43973

A flaw was found in gun. A malicious server can exploit this uncontrolled resource consumption vulnerability by sending a partial HTTP/1.1 response that never completes. This causes the client's memory buffer to grow without bounds, leading to unbounded heap growth and potentially exhausting all...

8.7CVSS5.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS5.4AI score
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-35129

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS5.4AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-11611

CVE-2026-11611 concerns the Content Synchronization persistent search plugin in 389 Directory Server. The flaw enables denial of service via unbounded memory growth when an authenticated client stops reading sync responses, and there are additional race conditions in the plugin thread lifecycle t...

6.5CVSS5.4AI score
Exploits0References3
Cvelist
Cvelist
added yesterday20 views

CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS
Exploits0References3
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-47625

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

7.5CVSS5.9AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added yesterday2 views

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3334 (ALAS-2026-3334)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3334 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory...

10CVSS5.8AI score0.00068EPSS
Exploits0References28
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-47339

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS5.4AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-47579

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

7.5CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-47611

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

7.5CVSS5.7AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added yesterday4 views

Linux Distros Unpatched Vulnerability : CVE-2026-11611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops...

6.5CVSS5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-39827

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS5.5AI score0.00023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

8.6CVSS5.6AI score0.00062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-35457

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...

8.2CVSS5.5AI score0.00077EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added last week7 views

CVE-2026-45292

A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high...

7.5CVSS5.8AI score0.00059EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.5 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39827)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39827 advisory. - An authenticated SSH client that repeatedly opened channels which were rejected by the server...

6.5CVSS5.6AI score0.00023EPSS
Exploits0References1
Rows per page
Query Builder