651 matches found

Github Security Blog
added 2026/04/29 6:30 p.m., 20 views

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read

Summary: OpenTelemetry.Resources.Azure reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible process...

CVSS 5.9, AI score 5.5, EPSS 0.00323
Exploits 0, References 5, Affected Software 1
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-261 Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter...

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

CVSS 4.7, AI score 8, EPSS 0.00152
Exploits 1, References 8
CVE
added 2026/04/22 1:48 p.m., 19 views

CVE-2026-33594

CVE-2026-33594 describes a memory exhaustion issue where a client floods a DoH backend with queries, causing excess memory allocation as queries accumulate in a buffer that is only released at the end of the connection. The connected sources confirm the root cause (buffer growth tied to overloade...

CVSS 7.5, AI score 6, EPSS 0.00371
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/04/22 1:48 p.m., 14 views

CVE-2026-33594 Outgoing DoH excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

CVSS 5.3, AI score 6, EPSS 0.00371
Exploits 0, References 1
AlpineLinux
added 2026/04/22 1:48 p.m., 3 views

CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

CVSS 7.5, AI score 6, EPSS 0.00371
Exploits 0
Positive Technologies
added 2026/04/22 12:00 a.m., 7 views

PT-2026-34438

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: A client can trigger excessive memory allocation by generating a large volume of queries routed to an overloaded DNS over HTTPS (DoH) backend. This causes queries ...

CVSS 7.5, AI score 5.4, EPSS 0.00371
Exploits 0, References 48
CNNVD
added 2026/04/22 12:00 a.m., 9 views

PowerDNS DNSdist Security Vulnerability

PowerDNS DNSdist is a proxy software provided by PowerDNS that offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a security vulnerability that stems from the ability of clients to trigger excessive memory allocation by generating a large number of...

CVSS 7.5, AI score 5.9, EPSS 0.00371
Exploits 0, References 2
EUVD
added 2026/04/21 5:56 p.m., 8 views

EUVD-2026-24217

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

CVSS 6.2, AI score 5.8, EPSS 0.00146
Exploits 1, References 2
RedhatCVE
added 2026/04/20 7:22 p.m., 6 views

CVE-2026-40481

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...

CVSS 8.2, AI score 5.7, EPSS 0.00446
Exploits 1, References 1
NVD
added 2026/04/17 11:16 p.m., 8 views

CVE-2026-40481

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...

CVSS 8.2, EPSS 0.00446
Exploits 1, References 2
RedhatCVE
added 2026/04/15 7:24 p.m., 4 views

CVE-2026-32216

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally...

CVSS 5.5, AI score 5.8, EPSS 0.00366
Exploits 0, References 1
EUVD
added 2026/04/14 6:30 p.m., 5 views

EUVD-2026-22599

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally...

CVSS 5.5, AI score 5.7, EPSS 0.00366
Exploits 0, References 2
NVD
added 2026/04/14 6:17 p.m., 2 views

CVE-2026-32216

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally...

CVSS 5.5, EPSS 0.00366
Exploits 0, References 1
CVE
added 2026/04/14 4:57 p.m., 17 views

CVE-2026-32216

CVE-2026-32216 is a Windows Redirected Drive Buffering vulnerability caused by a null pointer dereference, enabling an authorized, local attacker to perform a Denial of Service. Affected software is Windows (Redirected Drive Buffering component); impact is local DoS as described in sources. Micro...

CVSS 5.5, AI score 5.7, EPSS 0.00366
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/04/14 4:57 p.m., 22 views

CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability

...

CVSS 5.5, EPSS 0.00366
Exploits 0, References 1
ATTACKERKB
added 2026/04/14 4:57 p.m., 1 view

CVE-2026-32216

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally...

CVSS 5.5, AI score 5.7, EPSS 0.00366
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/04/14 4:57 p.m., 3 views

CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability

...

CVSS 5.5, AI score 6.2, EPSS 0.00366
Exploits 0, References 1
Microsoft CVE
added 2026/04/14 2:00 p.m., 3 views

Windows Redirected Drive Buffering System Denial of Service Vulnerability

Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally...

CVSS 5.5, AI score 6.2, EPSS 0.00366
Exploits 0
CNNVD
added 2026/04/14 12:00 a.m., 8 views

Microsoft Windows Redirected Drive Buffering Code Issue Vulnerability

Microsoft Windows Redirected Drive Buffering is a core network file system component of the American company Microsoft, providing support and buffering management for various network micro-redirector drivers, such as the SMB protocol. There are code-related vulnerabilities in Microsoft Windows...

CVSS 5.5, AI score 5.8, EPSS 0.00366
Exploits 0, References 1
Positive Technologies
added 2026/04/14 12:00 a.m., 10 views

PT-2026-32859

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to cause a local denial of service, which can lead to system crashes or connection failures...

CVSS 5.5, AI score 6.2, EPSS 0.00366
Exploits 0, References 7