2484 matches found
Astra Linux – Vulnerability in gdcm
There is an out-of-bounds write vulnerability in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...
Astra Linux – Vulnerability in pypdf2
PyPDF2 is an open-source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5, an attacker who exploited this vulnerability could create a PDF that would cause an infinite loop if the PyPDF2 code attempted to access the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting the link when performing LT automation REASON The last LT automation update may cause a crash by referencing currentstate and calling dcupdateplanesandstream, which may corrupt currentstat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: zstd – fix double-free in per-CPU stream cleanup The crypto/zstd module contains a double-free bug that occurs when multiple tfms are allocated and freed. The issue arises because the zstdstreams per-CPU contexts are free...
Astra Linux – Vulnerability in Chromium
Before version 125.0.6422.141, the Streams API in Google Chrome allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Media streams API in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
When accessing throttled streams, the number of available bytes that need to be checked in the calling function must be within limits. This may cause future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: now returns ERRPTR instead of NULL when there is no link. Currently, hciconnectsco returns NULL when there is no link i.e., when hciconnlink returns NULL. scoconnect expects ERRPTR in case of any error see...
Astra Linux – Vulnerability in libgit2
A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba, specifically in the vfsstreamsxattr module. In this module, uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content, which may include sensitive data, resulting in an information...
PT-2026-51098
Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...
Denial Of Service (DoS)
Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...
“Free World Cup stream” sites are serving scams, not football
With the World Cup on, you'll find no shortage of websites promising every match, live, in HD, for free. They look convincing, usually with a video player, a "Live Stream Available" indicator, a row of server buttons, maybe a match schedule, and a "Watch Live" button. There's no signup, no paywal...
SUSE CVE-2026-47244
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...
GHSA-4GRM-H2QV-H6W6 Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...
EUVD-2026-36459
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...
Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion
Summary A memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creation of an infinite number of blocked streams, which can cause OOM error. Details The vulnerability exists in io.netty.handler.codec.http3.QpackDecodershouldWaitForDynamicTableUpdates: If a client sends a header...
Directory Traversal
Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...