117 matches found
EUVD-2026-41007
Multiple unbounded alloca calls in the PulseAudio protocol server...
TencentOS Server 3: httpd:2.4 (TSSA-2026:0498)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0498 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Tesla 安全漏洞
Tesla is an electric vehicle produced by the American company Tesla. Versions of Tesla from 1.3.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of resource allocation control in Tesla.Adapter.Mint, which could lead to denial-of-service attacks due to...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK before 2.32.4, there is an incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, which leads to a segmentation violation and an application crash. This is a different vulnerability than CVE-2021-30889...
Progress Software MOVEit 安全漏洞
Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.11, as well as versions from 2025.1.0 to 2025.1.7, contained security vulnerabilities. These vulnerabilities wer...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...
CVE-2026-4154
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2026-1376
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources...
Security Bulletin: IBM i is affected by a denial of service vulnerability [CVE-2026-1376]
Summary IBM i is vulnerable to a denial of service using failed authentication connections due to improper allocation of resources CVE-2026-1376 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-1376 DESCRIPTION: IBM i could allow a remote attacker to cause a...
nodejs: Nodejs uninitialized memory exposure
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...
CVE-2025-57708
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...
CVE-2025-55131
CVE-2025-55131 relates to Node.js buffer allocation in the vm module with timeout, which can expose uninitialized memory in buffers (Buffer.alloc and Uint8Array) under specific timing. Connected advisories confirm the issue affects multiple Node.js packages across distributions (examples: nodejs1...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001041)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001041 advisory. The mpipowm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to caus...
CVE-2025-14933 NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability
NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-13945 Improperly Controlled Sequential Memory Allocation in Wireshark
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Ubuntu 25.04 / 25.10 : FFmpeg vulnerability (USN-7871-1)
The remote Ubuntu 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7871-1 advisory. It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remot...
Resource Allocation in Siemens RUGGEDCOM Allocation of Resources Without Limits or Throttling (CVE-2023-39269)
The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over. This plugin only works with Tenable.ot. Please visit...