Lucene search
K

524 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Handled the chunk tree lookup error in btrfsrelocatesyschunks. The unhandled case in the btrfsrelocatesyschunks loop is a corruption. This can only occur under two impossible conditions: - First, the search key is set t...

5.5CVSS6.3AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/05/16 4:16 p.m.23 views

CVE-2020-37239

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS0.00459EPSS
Exploits0References4
OSV
OSV
added 2026/05/16 4:16 p.m.7 views

UBUNTU-CVE-2020-37239

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS6AI score0.00459EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/16 4:16 p.m.10 views

CVE-2020-37239

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS5.9AI score0.00459EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/16 3:25 p.m.13 views

EUVD-2020-31239

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS6AI score0.00459EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.7 views

CVE-2020-37239 libbabl 0.1.62 Broken Double Free Detection Memory Safety

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS6AI score0.00459EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.8 views

CVE-2020-37239

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS6AI score0.00459EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/16 3:25 p.m.14 views

CVE-2020-37239

CVE-2020-37239 – libbabl 0.1.62 : The description identifies a memory-safety vulnerability in libbabl where a broken double-free detection can be bypassed by exploiting signature overwriting in freed chunks. Specifically, calling babl_free() twice on the same pointer may not trigger detection bec...

9.8CVSS6AI score0.00459EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.44 views

CVE-2020-37239 libbabl 0.1.62 Broken Double Free Detection Memory Safety

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call bablfree twice on the same pointer without triggering detection, as libc's malloc metadata overwrites...

9.8CVSS0.00459EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017447)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017447 advisory. The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunk...

7.5CVSS6.8AI score0.0628EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 11:41 p.m.8 views

CLSA-2026-1777974224 libwebp: Fix of 6 CVEs

CVE-2018-25009: fix out-of-bounds read in GetLE16 by validating VP8X chunk size - CVE-2018-25010: fix heap-based buffer overflow in ApplyFilter by limiting filter radius to image dimensions - CVE-2018-25011: fix heap-based buffer overflow in PutLE16 by rejecting multiple image chunks in ANMF...

9.8CVSS7.5AI score0.02513EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013487 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfsrelocatesyschunks The unhandled case in...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40303

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...

7.5CVSS5.8AI score0.00453EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/17 10:41 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.5AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.4 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.8AI score0.00453EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 10:41 p.m.9 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the endpoints.GetSessionCookie function. An attacker can exhaust system memory resources by sending specially crafted requests containing a large cookie chunk count, resulting in unbounded...

8.7CVSS5.5AI score0.00453EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 9:6 a.m.4 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.6 views

PT-2026-33030

Name of the Vulnerable Software and Affected Versions BC-JAVA versions prior to 1.84 Description An issue in the bcpg modules allows for unbounded PGP AEAD chunk size, which can lead to pre-authentication resource exhaustion. Resource exhaustion occurs when a system lacks limits or throttling on...

9.9CVSS5.7AI score0.00758EPSS
Exploits4References117
EUVD
EUVD
added 2026/04/14 11:40 p.m.10 views

EUVD-2026-22243

Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing...

7.4CVSS5.8AI score0.01127EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:59 a.m.6 views

CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS5.8AI score0.01127EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder