Lucene search
K

1247 matches found

OSV
OSV
added 2026/07/06 2:7 p.m.3 views

SUSE-SU-2026:2779-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594...

7.5CVSS6.7AI score0.0181EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:3 a.m.6 views

CVE-2026-58226

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:6 p.m.8 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/02 4:6 p.m.15 views

CVE-2026-54887

CVE-2026-54887 concerns Erlang/OTP's DTLS server in ssl, where during startup the cookie secret is initialized to an empty binary instead of a random value. This makes DTLS cookie computation deterministic for the first 0–15 seconds, allowing an observer of plaintext ClientHello to forge a valid ...

6.3CVSS5.8AI score0.00243EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/07/02 3:4 p.m.3 views

SUSE-SU-2026:2673-1 Security update for bind

This update for bind fixes the following issues: Security issues: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free vulnerabilit...

9.8CVSS6.7AI score0.01844EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.18 views

PT-2026-54519

Name of the Vulnerable Software and Affected Versions buffa affected versions not specified Description The buffa protobuf decoder contains a memory-amplification issue. A malformed message can cause the library to consume up to 22 times the expected amount of RAM, leading to a denial of service...

5.7AI score
Exploits0References4
OSV
OSV
added 2026/06/29 9:53 a.m.2 views

SUSE-SU-2026:2676-1 Security update for bind

This update for bind fixes the following issues - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594. -...

9.8CVSS6.7AI score0.01844EPSS
Exploits1References11
OSV
OSV
added 2026/06/29 1:30 a.m.4 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/29 1:30 a.m.40 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS0.00112EPSS
Exploits0References8
CVE
CVE
added 2026/06/29 1:30 a.m.29 views

CVE-2026-13523

GPAC (up to 26.02.0) is affected in the ISOBMFF Parser component, specifically the file src/utils/base_encoding.c. A manipulation can lead to data amplification, with local access required. The issue has a publicly available exploit and a remediation patch has been released. Vendor-provided fix a...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16: bind / bind-doc / bind-modules-generic / bind-modules-ldap / etc (SUSE-SU-2026:22198-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22198-1 advisory. This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion durin...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES15 Security Update : bind (SUSE-SU-2026:2616-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2616-1 advisory. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory...

7.5CVSS5.9AI score0.0181EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52845

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.32 Description A Denial of Service DoS issue exists in the AITextSummarizerBlock component. This occurs because the system allows input amplification, where a relatively small amount of content can lead to excessi...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 9:3 a.m.2 views

SUSE-SU-2026:2617-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 9:3 a.m.3 views

SUSE-SU-2026:2616-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/22 4:19 p.m.36 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS0.00293EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 4:19 p.m.3 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS6AI score0.00293EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 5:40 a.m.4 views

BIT-ENVOY-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS6AI score0.00815EPSS
Exploits1References11
OSV
OSV
added 2026/06/20 6:54 a.m.2 views

OPENSUSE-SU-2026:21123-1 Security update for bind

This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free...

9.8CVSS6.7AI score0.01844EPSS
Exploits1References12
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References13
Rows per page
Query Builder