14871 matches found
CVE-2026-10740
CVE-2026-10740 affects s2n-quic prior to version 1.8.2, where an unbounded memory allocation in the CRYPTO frame reassembler can allow an unauthenticated remote actor to trigger a denial of service (degraded availability) by sending crafted QUIC Initial packets. The vulnerability is triggered dur...
CVE-2026-10740 Excessive memory allocation in s2n-quic
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...
CVE-2026-10740 Excessive memory allocation in s2n-quic
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...
kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()
A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...
Security update for mariadb
This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. CVE-2026-44168: wsrep SST unsafe parameter...
CVE-2026-29116
A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...
CVE-2026-29115
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...
MGASA-2026-0183 Updated freeciv packages fix security vulnerabilities
CVE-2026-33250, freeciv crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine...
Updated freeciv packages fix security vulnerabilities
CVE-2026-33250, freeciv crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine...
Palo Alto Networks PAN-OS 代码问题漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a code vulnerability in Palo Alto Networks PAN-OS, which stems from memory corruption during tunnel traffic processing. This vulnerability could allow authenticated users to initiat...
Russh 安全漏洞
Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh from 0.34.0 to 0.61.1 contained security vulnerabilities. These vulnerabilities stemmed from the acceptance of overly large compressed data packets when SSH compression was enabled, which...
TDengine 数字错误漏洞
TDengine is an open-source, high-performance, cloud-native time series database developed by the TDengine company. There are digital error vulnerabilities in the TDengine 3.4.0.0 to 3.4.1.5 version. These vulnerabilities stem from unverified remote attackers sending specially crafted RPC packets,...
s2n-quic 安全漏洞
s2n-quic is a high-performance QUIC protocol implementation library open source by Amazon Web Services. Versions of s2n-quic prior to 1.8.2 contained security vulnerabilities. These vulnerabilities stemmed from unbounded memory allocation in theCRYPTO frame reassembler, which could allow...
Dahua多款产品 安全漏洞
Dahua SD, among others, are products of China’s Dahua Corporation. Dahua SD is a series of cloud-based tabletop cameras. Dahua NVR is a series of network video recorders. Dahua XVR is a series of devices capable of recording and displaying high-definition and IP cameras. Several Dahua products ha...
PT-2026-48517
Name of the Vulnerable Software and Affected Versions s2n-quic versions prior to 1.8.2 Description Unbounded memory allocation in the CRYPTO frame reassembler allows an unauthenticated remote actor to cause a denial of service, resulting in degraded availability, by sending crafted QUIC Initial...
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
Arista Extensible Operating System EOS contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP...
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...
SUSE-SU-2026:2303-1 Security update for postgresql17
This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...
CVE-2026-3238
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...
CVE-2026-3238
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...