Lucene search
K

2484 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in gdcm

There is an out-of-bounds write vulnerability in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...

9.8CVSS8.1AI score0.01474EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in pypdf2

PyPDF2 is an open-source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5, an attacker who exploited this vulnerability could create a PDF that would cause an infinite loop if the PyPDF2 code attempted to access the...

6.2CVSS6AI score0.01279EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting the link when performing LT automation REASON The last LT automation update may cause a crash by referencing currentstate and calling dcupdateplanesandstream, which may corrupt currentstat...

5.2AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd – fix double-free in per-CPU stream cleanup The crypto/zstd module contains a double-free bug that occurs when multiple tfms are allocated and freed. The issue arises because the zstdstreams per-CPU contexts are free...

5.2AI score0.00169EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

Before version 125.0.6422.141, the Streams API in Google Chrome allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00892EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Media streams API in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.6AI score0.01477EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When accessing throttled streams, the number of available bytes that need to be checked in the calling function must be within limits. This may cause future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

6.5CVSS6.8AI score0.0061EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: now returns ERRPTR instead of NULL when there is no link. Currently, hciconnectsco returns NULL when there is no link i.e., when hciconnlink returns NULL. scoconnect expects ERRPTR in case of any error see...

5.4AI score0.00152EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in libgit2

A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...

9.8CVSS9.1AI score0.0511EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba, specifically in the vfsstreamsxattr module. In this module, uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content, which may include sensitive data, resulting in an information...

4.3CVSS7.5AI score0.00421EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

6.9CVSS5.9AI score
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.9 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.5 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/16 7:23 p.m.8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References7Affected Software1
Malwarebytes
Malwarebytes
added 2026/06/16 1:0 p.m.22 views

“Free World Cup stream” sites are serving scams, not football

With the World Cup on, you'll find no shortage of websites promising every match, live, in HD, for free. They look convincing, usually with a video player, a "Live Stream Available" indicator, a row of server buttons, maybe a match schedule, and a "Watch Live" button. There's no signup, no paywal...

5.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.9 views

SUSE CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 8:43 p.m.6 views

GHSA-4GRM-H2QV-H6W6 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 8:43 p.m.10 views

EUVD-2026-36459

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 8:43 p.m.9 views

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/15 5:17 p.m.8 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits1References2
Rows per page
Query Builder