webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule

Summary An attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation does not enforce the draft-mandated limit of 1024 bytes on this field, allowing ...

PT-2026-7930

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to...

PT-2026-7868

Name of the Vulnerable Software and Affected Versions webtransport-go versions 0.3.0 through 0.9.0 Description webtransport-go’s session implementation is susceptible to excessive memory consumption. An attacker can send a WT CLOSE SESSION capsule containing an excessively large Application Error...

CVE-2020-37198

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...

CVE-2020-37177

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler SEH. Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH...

CVE-2020-37198 Duplicate Cleaner Pro 4 - Denial of Service

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...

CVE-2020-37198

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application...

CVE-2020-37177

CVE-2020-37177 describes a denial-of-service issue in BOOTP Turbo 2.0 where a crafted payload can overwrite the Structured Exception Handler (SEH), causing the application to crash and corrupt the SEH chain. The vulnerability is associated with a 2196-byte payload using specific byte patterns, en...

CLSA-2026-1770804474 Fix CVE(s): CVE-2025-69418, CVE-2025-69421, CVE-2026-22796

SECURITY UPDATE: The trailing 1-15 bytes of a message may be exposed incleartext on encryption and are not covered by the authentication tag,allowing an attacker to read or tamper with those bytes without detection - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path...

[SECURITY] Fedora 42 Update: rust-bytes-1.11.1-1.fc42

Types and traits for working with bytes...

PT-2026-7711

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash...

php: Stream HTTP wrapper truncates redirect location to 1024 bytes

A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size...

[SECURITY] Fedora 43 Update: rust-bytes-1.11.1-1.fc43

Types and traits for working with bytes...

Fedora 43 : asciinema / atuin / bustle / envision / glycin / greetd / helix / etc (2026-f400579a21)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-f400579a21 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update...

Fedora 42 : atuin / bustle / envision / glycin / greetd / helix / etc (2026-6388b28850)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-6388b28850 advisory. - Update the time crate to version 0.3.47. - Update the time-macros crate to version 0.2.27. - Update the time-core crate to version 0.1.8. - Update...

CLSA-2026-1770668132 openssl: Fix of 2 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes...

ROS-20260209-73-0006

A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...

ROS-20260209-73-0007

A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...

ROS-20260209-73-0005

A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...

ROS-20260209-73-0008

A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...