4001 matches found

Chainguard
added 2026/06/11 7:17 p.m. | 4 views

GHSA-HMRH-MQV8-RVVR vulnerabilities

Vulnerabilities for packages: firefox...

AI score 5.4
Exploits: 0

Chainguard
added 2026/06/11 1:18 p.m. | 4 views

GHSA-5M8F-M8JV-3RP3 vulnerabilities

Vulnerabilities for packages: openssl, libcrypto3-2.34...

AI score 5.2
Exploits: 0

Chainguard
added 2026/06/11 1:18 p.m. | 6 views

GHSA-RPJ2-P5PJ-R33V vulnerabilities

Vulnerabilities for packages: openssl, libcrypto3-2.34...

AI score 5.2
Exploits: 0

Chainguard
added 2026/06/11 1:18 p.m. | 9 views

CVE-2026-42765 vulnerabilities

Vulnerabilities for packages: openssl, libcrypto3-2.34...

CVSS 7.5 | AI score 5.1 | EPSS 0.00408
Exploits: 0

Chainguard
added 2026/06/11 1:18 p.m. | 7 views

CVE-2026-42766 vulnerabilities

Vulnerabilities for packages: openssl, libcrypto3-2.34...

CVSS 5.9 | AI score 5.1 | EPSS 0.00596
Exploits: 0

RedHat Linux
added 2026/06/11 8:51 a.m. | 4 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users...

CVSS 7.5 | AI score 7.9 | EPSS 0.00824
Exploits: 0 | References: 8

Wolfi
added 2026/06/11 1:48 a.m. | 8 views

CVE-2026-47240 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, ruby3.3-rails, ruby3.2-rails, kube-logging-operator, kube-fluentd-operator, ruby3.4-rails...

AI score 5.8 | EPSS 0.00193
Exploits: 0

Chainguard
added 2026/06/11 1:48 a.m. | 7 views

CVE-2026-46705 vulnerabilities

Vulnerabilities for packages: yazi...

CVSS 5.3 | AI score 5.4 | EPSS 0.00362
Exploits: 0

Redos
added 2026/06/11 12:0 a.m. | 3 views

ROS-20260611-73-0038

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.7 | AI score 7.6 | EPSS 0.00467
Exploits: 0

Redos
added 2026/06/11 12:0 a.m. | 3 views

ROS-20260611-73-0030

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.7 | AI score 7.6 | EPSS 0.00467
Exploits: 0

Redos
added 2026/06/11 12:0 a.m. | 4 views

ROS-20260611-73-0025

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.7 | AI score 5.9 | EPSS 0.00467
Exploits: 0

Debian CVE
added 2026/06/10 9:31 p.m. | 5 views

CVE-2026-46520

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23...

CVSS 7.5 | AI score 5.3 | EPSS 0.00461
Exploits: 0

RedHat Linux
added 2026/06/10 8:25 p.m. | 5 views

org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

CVSS 7.5 | AI score 5.5 | EPSS 0.00367
Exploits: 0 | References: 5

Debian CVE
added 2026/06/10 2:35 p.m. | 5 views

CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

CVSS 7.5 | AI score 5.6 | EPSS 0.00194
Exploits: 0

Debian CVE
added 2026/06/10 2:7 p.m. | 5 views

CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse and schema_oc_to_string, but the field is still written via strcat. An attacker with Directory Manager...

CVSS 6.5 | AI score 5.7 | EPSS 0.00361
Exploits: 0

Debian CVE
added 2026/06/10 1:44 p.m. | 3 views

CVE-2026-53689

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c...

CVSS 7.1 | AI score 5.5 | EPSS 0.00192
Exploits: 0

SUSE CVE
added 2026/06/10 2:30 a.m. | 3 views

SUSE CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/10 2:30 a.m. | 3 views

SUSE CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.3 | AI score 5.5 | EPSS 0.00173
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/10 2:27 a.m. | 6 views

SUSE CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

CVSS 6.5 | AI score 5.4 | EPSS 0.00525
Exploits: 0 | References: 3

Redos
added 2026/06/10 12:0 a.m. | 3 views

ROS-20260610-73-0028

The vulnerability in Thunderbird is related to the use of an uninitialized resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 9.1 | AI score 5.4 | EPSS 0.0043
Exploits: 0