Lucene search
K

45 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.11 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow, because getstdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: Exploitation may be impractical due to the execution time required to cause an overflow multiple days...

7.8CVSS7.9AI score0.00468EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: No limit was enforced on the request body for WebDAV LOCK or PROPFIND requests which were available to...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References10Affected Software3
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-GX5V-XP9W-J4CG Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: No limit was enforced on the request body for WebDAV LOCK or PROPFIND requests which were available to...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/05 12:26 a.m.13 views

EUVD-2026-25602

Axios: HTTP adapter streamed responses bypass maxContentLength...

5.3CVSS5.8AI score0.00421EPSS
Exploits1References2
NVD
NVD
added 2026/04/23 6:16 p.m.7 views

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.9CVSS0.00304EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/22 1:36 a.m.12 views

SUSE CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 8:27 p.m.9 views

EUVD-2026-24483

Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/20 1:54 p.m.7 views

CVE-2026-40333

A flaw was found in libgphoto2, a library used for camera access and control. Two functions within the library's Picture Transfer Protocol PTP handling component do not properly validate the size of data being read, allowing for unbounded reads. A local attacker with physical access to a system...

6.1CVSS5.7AI score0.00218EPSS
Exploits0References5
NVD
NVD
added 2026/04/18 12:16 a.m.7 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS0.00218EPSS
Exploits0References2
OSV
OSV
added 2026/04/18 12:16 a.m.9 views

DEBIAN-CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.5AI score0.00218EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/17 11:11 p.m.5 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.5AI score0.00218EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:11 p.m.5 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/17 11:11 p.m.10 views

EUVD-2026-23581

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.11 views

PT-2026-33523

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description Two functions in camlibs/ptp2/ptp-pack.c accept a data pointer without a length parameter, leading to unbounded reads. The calling function ptp unpack EOS events possesses the xsize variable but...

6.1CVSS5.9AI score0.00218EPSS
Exploits0References19
OSV
OSV
added 2026/04/09 5:32 p.m.6 views

GHSA-H749-FXX7-PWPG MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

Impact What kind of vulnerability is it? Who is impacted? MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function calls bufio.Reader.ReadBytes'\n' with no size limit, buffering the...

7.1CVSS5.8AI score0.00485EPSS
Exploits0References6
NVD
NVD
added 2026/04/08 9:16 p.m.15 views

CVE-2026-39414

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS0.00485EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 8:5 p.m.20 views

CVE-2026-39414 MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

7.1CVSS0.00485EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.6 views

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.9AI score0.00769EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2026-1363)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

7.5CVSS5.9AI score0.00626EPSS
Exploits2References11
Rows per page
Query Builder