Lucene search
+L

94 matches found

redhat
redhat
added 2 days ago10 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS6.9AI score0.00789EPSS
Exploits0References6
redhat
redhat
added 2026/06/25 2:49 a.m.6 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.7AI score0.00464EPSS
Exploits0References5
redhat
redhat
added 2026/06/22 8:17 p.m.7 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.7AI score0.00464EPSS
Exploits0References5
redhat
redhat
added 2026/06/22 6:34 a.m.10 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.7AI score0.00464EPSS
Exploits0References5
redhat
redhat
added 2026/06/17 8:59 a.m.7 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.4AI score0.00464EPSS
Exploits0References5
nvd
nvd
added 2026/05/25 3:16 p.m.21 views

CVE-2026-47073

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackneyws.erl imposes no upper bound on memory consumption in three code paths. First, readhandshakeresponse/3 accumulates received bytes into a growing buffer with n...

8.7CVSS0.00825EPSS
Exploits1References4
mscve
mscve
added 2026/05/16 8:4 a.m.21 views

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

...

8.8CVSS5.8AI score0.00464EPSS
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-3426

Malware in sbrugna...

5.9CVSS7.6AI score0.01771EPSS
Exploits1References15
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-3429

Malware in sbrugna...

4.9CVSS6.8AI score0.01697EPSS
Exploits1References15
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-3433

Malware in sbrugna...

5.5CVSS6.8AI score0.01522EPSS
Exploits1References15
osv
osv
added 2025/08/04 10:34 a.m.12 views

SUSE-SU-2025:02657-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 July 2025 CPU: Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption bsc1246595 - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections bsc1246598 -...

8.6CVSS8.1AI score0.01058EPSS
Exploits1References10
nessus
nessus
added 2025/03/10 12:0 a.m.48 views

Amazon Linux 2 : openssh (ALAS-2025-2769)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2769 advisory. A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed ...

6.8CVSS7AI score0.06997EPSS
Exploits4References4
nessus
nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2019-3858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who...

9.1CVSS7.1AI score0.06448EPSS
Exploits0References3
nessus
nessus
added 2025/02/27 12:0 a.m.23 views

CBL Mariner 2.0 Security Update: openssh (CVE-2025-26465)

The version of openssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26465 advisory. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle...

6.8CVSS7AI score0.06997EPSS
Exploits4References2
nvd
nvd
added 2025/02/18 7:15 p.m.34 views

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS0.06997EPSS
Exploits4References27
alpinelinux
alpinelinux
added 2025/02/18 6:27 p.m.26 views

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.7AI score0.06997EPSS
Exploits4
f5
f5
added 2025/01/14 6:12 p.m.21 views

K000149288: libssh vulnerabilities CVE-2019-3859 and CVE-2019-3860

Security Advisory Description CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

9.1CVSS8.4AI score0.06275EPSS
Exploits0Affected Software1
nessus
nessus
added 2025/01/14 12:0 a.m.12 views

F5 Networks BIG-IP : libssh vulnerabilities (K000149288)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000149288 advisory. CVE-2019-3859An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire...

9.1CVSS7AI score0.06275EPSS
Exploits0References3
osv
osv
added 2024/08/09 5:24 p.m.8 views

CLSA-2024-1723224273 freerdp: Fix of CVE-2021-41159

CVE-2021-41159: fix client out of memory...

8.8CVSS6.9AI score0.01346EPSS
Exploits0References1
ibm
ibm
added 2024/07/10 4:31 p.m.33 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widge...

7.5CVSS10AI score0.07336EPSS
Exploits4Affected Software1
Rows per page
Query Builder