65 matches found
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
GHSA-9H5V-PFQQ-X599 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`
Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...
GHSA-76R6-X97P-67VR Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
Summary russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the readExternal methods in the AE, SS, and ServerConfigurationPayload classes, all of which call builderWithExpectedSize without checking the size of the input. A cluster user wit...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
FreeBSD : Grafana -- OpenFeature evaluation API reads input data with no bounds (138319f3-5901-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 138319f3-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27880 reports: The OpenFeature feature toggle...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
CVE-2026-43970
Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...
CVE-2026-6643
ASUSTOR ADM VPN clients (ADM 4.1.0–4.3.3.RR42 and 5.0.0–5.1.2.REO1) are affected by CVE-2026-6643 due to a stack-based buffer overflow caused by unbounded sscanf() and passing user-controlled data to printf() in vpnupload.cgi (upload_wireguard). The vulnerability can lead to code execution as the...
PT-2026-33722
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
Updated polkit-122 packages fix security vulnerability
Denial of service via unbounded input processing through standard input. CVE-2026-4897...
MGASA-2026-0085 Updated polkit-122 packages fix security vulnerability
Denial of service via unbounded input processing through standard input. CVE-2026-4897...
BIT-GRAFANA-2026-27880 OpenFeature evaluation API reads input data with no bounds
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
OpenFeature evaluation API reads input data with no bounds
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
CVE-2026-27880 OpenFeature evaluation API reads input data with no bounds
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
CVE-2026-27880 OpenFeature evaluation API reads input data with no bounds
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
CVE-2026-27880
CVE-2026-27880 affects Grafana deployments via the OpenFeature feature toggle evaluation endpoint, which reads unbounded input into memory and can cause out-of-memory crashes. Public details in the connected Nessus entry specify affected Grafana versions: 12.1.x before 12.1.10, 12.2.x before 12.2...