Lucene search
+L

623 matches found

nessus
nessus
added 3 days ago4 views

openSUSE 16: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (openSUSE-SU-2026:21308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21308-1 advisory. This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References6
osv
osv
added last week2 views

DEBIAN-CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References1
snyk
snyk
added last week4 views

Allocation of Resources Without Limits or Throttling

Overview adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the uncompressed-size field...

8.7CVSS6.1AI score0.00432EPSS
Exploits0References2
snyk
snyk
added last week6 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:adm-zip is a JavaScript implementation for zip data compression for NodeJS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in zipEntry.js and entryHeader.js, which size a Buffer.alloc call directly from the...

8.7CVSS6.1AI score0.00432EPSS
Exploits0References2
attackerkb
attackerkb
added last week2 views

CVE-2026-55782

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS6.1AI score0.00113EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.10 views

PT-2026-57215

Name of the Vulnerable Software and Affected Versions adm-zip versions prior to 0.5.18 Description A denial-of-service issue exists when parsing crafted ZIP files with a manipulated uncompressed size header field. The library allocates memory based on the declared uncompressed size from the ZIP...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References5
osv
osv
added 2026/07/08 11:35 a.m.6 views

BIT-PHP-MIN-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/03 8:57 p.m.91 views

CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/26 8:45 a.m.5 views

CVE-2026-53227

A flaw was found in the Linux kernel's Open vSwitch OVS component. This issue occurs due to incorrect error handling during the allocation of a 'reply' skb socket buffer after locking the ovsmutex. If the allocation fails, an invalid pointer may be passed to kfreeskb, leading to a system crash an...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References4
osv
osv
added 2026/06/25 8:38 a.m.3 views

CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...

7.1CVSS5.8AI score0.0014EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.8 views

PT-2026-52461

Name of the Vulnerable Software and Affected Versions List::SomeUtils::XS versions prior to 0.59 Description A heap buffer overflow exists in the pairwise function. The function collects values returned by a block into a heap buffer sized according to the longer input array. When the buffer needs...

7.5CVSS6AI score0.00419EPSS
Exploits0References22
cve
cve
added 2026/06/24 4:30 p.m.10 views

CVE-2026-53102

Summary of CVE-2026-53102 (Linux kernel / wifi: mt76): The vulnerability concerns a memory leak in the mt76 driver for the mt76 wireless stack. Specifically, in mt76_connac_mcu_alloc_sta_req(), an skb allocated for MCU messaging is expected to be freed by mt76_mcu_skb_send_msg(), but if intermedi...

5.8AI score0.00156EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker – fixed potential out-of-bounds access issues. In the pegasusnotetaker driver, the pegasusprobe function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An...

5.9AI score0.00192EPSS
Exploits0References3
nvd
nvd
added 2026/06/22 10:16 p.m.11 views

CVE-2026-48510

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

7.5CVSS0.00236EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 9:16 p.m.7 views

CVE-2026-48510

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.16 views

PT-2026-51394

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description When decompressing Lz4Block or Lz4BlockArray payloads, the software reads declared uncompressed lengths from the wire and allocates output buffer...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References7
osv
osv
added 2026/06/18 9:16 p.m.9 views

DEBIAN-CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

6.5CVSS6AI score0.00263EPSS
Exploits1References1
redhat
redhat
added 2026/06/17 11:5 p.m.13 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References7
redhat
redhat
added 2026/06/17 4:18 p.m.15 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References7
redhat
redhat
added 2026/06/17 3:45 p.m.12 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References7
Rows per page
Query Builder