Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an...

5.9CVSS6.1AI score0.0025EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/27 9:33 p.m.21 views

Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Description Symfony\Component\Yaml\Parser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small inpu...

5.8AI score0.00076EPSS
Exploits0References6Affected Software2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: fixed the RESPONSE authenticator parser OOB read issue. The rxgkverifyauthenticator function copies authlen bytes into a temporary buffer, and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator...

9.1CVSS5.8AI score0.00442EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/05/13 8:59 a.m.9 views

dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

7.5CVSS5.8AI score0.00667EPSS
Exploits1
OSV
OSV
added 2026/05/13 8:59 a.m.11 views

CLSA-2026-1778250399 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 2:35 p.m.8 views

CLSA-2026-1778250885 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 3:16 p.m.5 views

DEBIAN-CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

9.1CVSS5.6AI score0.00442EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 2:44 p.m.6 views

EUVD-2026-25529

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

5.5AI score0.00442EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 2:44 p.m.40 views

CVE-2026-31636 rxrpc: fix RESPONSE authenticator parser OOB read

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

9.1CVSS0.00442EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 2:44 p.m.4 views

CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

9.1CVSS5.5AI score0.00442EPSS
Exploits0
CVE
CVE
added 2026/04/24 2:44 p.m.50 views

CVE-2026-31636

Summary: CVE-2026-31636 affects the Linux kernel rxrpc subsystem. The root cause is in rxgk_verify_authenticator(), which copies auth_len into a temporary buffer and then uses p + auth_len as the parser limit. Because p is a __be32*, this inflates the parser end pointer by four, enabling a slab-o...

9.1CVSS5.5AI score0.00442EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-34988

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the rxrpc component. The function rxgk verify authenticator copies auth len bytes into a temporary buffer and passes the parser limit to rxgk do verify...

9.1CVSS7.4AI score0.00442EPSS
Exploits0References32
OSV
OSV
added 2025/12/29 8:41 p.m.8 views

MGASA-2025-0334 Updated ruby-rack packages fix security vulnerabilities

Unbounded-Parameter DoS in Rack::QueryParser. CVE-2025-46727 ReDoS Vulnerability in Rack::Multipart handlemimehead. CVE-2025-49007 Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters. CVE-2025-59830 Rack's unbounded multipart preamble buffering...

8.7CVSS6.8AI score0.00911EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 7:40 a.m.35 views

CVE-2025-67731 Servify Express does not enforce rate limiting when parsing JSON

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

8.7CVSS0.00352EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.8 views

PT-2025-50903

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

8.7CVSS6.6AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 8:15 p.m.7 views

UBUNTU-CVE-2025-61919

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.7AI score0.00605EPSS
Exploits0References10
Rows per page
Query Builder