Lucene search
K

522 matches found

RedHat Linux
RedHat Linux
added last week3 views

netty-codec-redis: Netty: Denial of Service via malicious Redis array header

A flaw was found in Netty, a network application framework. The RedisArrayAggregator component pre-allocates memory based on the declared element count in a Redis array header. A remote attacker can exploit this by sending a small, malicious Redis array header that claims a huge initial capacity,...

7.5CVSS7.1AI score0.0038EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 10:16 a.m.6 views

CVE-2026-13252

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00274EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.45 views

CVE-2026-13252 RSS Aggregator by Feedzy <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aspectRatio' Attribute

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00274EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/01 8:8 p.m.5 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Feedzy versions = 5.2.1...

6.4CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/27 1:51 a.m.12 views

CVE-2026-52975

A flaw was found in the Linux kernel's bonding 3ad module. This vulnerability is due to a data-race condition caused by improper Read-Copy-Update RCU implementation in the port-aggregator component. An attacker could potentially exploit this to cause system instability or unexpected behavior...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38843

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

5.7AI score0.00138EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52975

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS0.00138EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.6 views

CVE-2026-52975

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/24 4:28 p.m.2 views

CVE-2026-52975 bonding: 3ad: implement proper RCU rules for port->aggregator

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References9
CVE
CVE
added 2026/06/24 4:28 p.m.11 views

CVE-2026-52975

The CVE concerns the Linux kernel bonding 3ad module. A data-race was found in bond_3ad_get_active_agg_info / bond_3ad_state_machine_handler due to insufficient Read-Copy-Update (RCU) handling for port-&gt;aggregator. The fix adds the __rcu qualifier to port-&gt;aggregator and uses proper RCU API...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.33 views

CVE-2026-52975 bonding: 3ad: implement proper RCU rules for port->aggregator

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port-aggregator syzbot found a data-race in bond3adgetactiveagginfo / bond3adstatemachinehandler 1 which hints at lack of proper RCU implementation. Add rcu qualifier to port-aggregato...

7.8CVSS0.00138EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51869

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the bonding 3ad implementation due to improper Read-Copy-Update RCU rules for the port-aggregator variable. This issue was identified in the bond 3ad get active agg...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add a missing call to ssamrequestsyncfree Although rare, ssamrequestsyncinit can fail. In that case, the request should be freed using ssamrequestsyncfree. Currently, the request is instead leaked. F...

5.5CVSS5.8AI score0.00239EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/16 6:48 p.m.11 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to RedisArrayAggregator pre-allocating an ArrayList based on an untrusted RESP array element count from the network, which allows an attacker to trigger excessive memory allocation and exhaust system resources by sending a...

7.5CVSS5.2AI score0.0038EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 2026/06/12 4:39 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in RedisArrayAggregator. An attacker who sends a small RESP array header declaring a very large element count can force the aggregator to reserve a large ArrayList via the...

8.7CVSS5.3AI score0.0038EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.23 views

CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS0.0038EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 4:16 p.m.6 views

UBUNTU-CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/12 2:58 p.m.12 views

Direct-Memory Resource Leak

RedisArrayAggregator is vulnerable to a direct-memory resource leak. The vulnerability is due to unreleased pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregation completes, which allows an attacker to repeatedly trigger connection churn and exhaust t...

8.7CVSS5.2AI score0.005EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/12 2:52 p.m.57 views

CVE-2026-50011

Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...

7.5CVSS5.3AI score0.0038EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 2:36 p.m.16 views

CVE-2026-48006 Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7CVSS5.3AI score0.005EPSS
Exploits0References3
Rows per page
Query Builder