483 matches found
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the remote read endpoint when processing snappy-compressed request bodies. An attacker can cause excessive memory allocation and crash the process by sending specially crafted payloads...
CVE-2026-42154
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...
CVE-2026-42154
Prometheus (open-source monitoring/time-series database) is affected by CVE-2026-42154. Before versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker c...
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...
SUSE-SU-2026:21543-1 Security update for java-25-openjdk
This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...
CVE-2026-7737 osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds
A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...
SUSE CVE-2026-41476
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of...
Linux Distros Unpatched Vulnerability : CVE-2026-41476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connect...
PT-2026-37189
Name of the Vulnerable Software and Affected Versions: zrok versions prior to 2.0.2. Description: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but fails to prevent symlink following. If a symbolic link within the shared DriveRoot points to a...
CVE-2026-41475
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...
CVE-2026-22015
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
CVE-2024-23104
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at...
SUSE CVE-2026-5907
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. Chromium security severity: Low...
SUSE CVE-2026-5274
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
CVE-2026-5274
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...