3644 matches found
CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
UBUNTU-CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785
CVE-2026-29785 affects the NATS-Server (NATS.io) prior to versions 2.11.14 and 2.12.5. When leafnode is enabled (not default) and compression is enabled (default with leafnodes), an unauthenticated attacker who can connect can crash the server by triggering a panic. The condition is pre-authentic...
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...
Nats-Server 代码问题漏洞
Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were code-related vulnerabilities in versions prior to Nats-Server 2.11.14 and 2.12.5. These vulnerabilities stemmed from improper compression handling when the...
GHSA-52JH-2XXH-PWH6 NATS Server panic via malicious compression on leafnode port
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When configured to accept leafnode connections for a hub/spoke topology of multiple nats-servers, then the default configuration allows for...
NATS Server panic via malicious compression on leafnode port
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. When configured to accept leafnode connections for a hub/spoke topology of multiple nats-servers, then the default configuration allows for...
NULL Pointer Dereference
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the compression process on the leafnode port. An attacker can...
PT-2026-27612
Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.14 NATS-Server versions prior to 2.12.5 Description NATS-Server, a high-performance messaging system, is susceptible to a server panic when configured as a leafnode. This occurs pre-authentication and require...
UBUNTU-CVE-2026-32829
lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...
lz4_flex 安全漏洞
lz4flex is a high-performance LZ4 compression library written by PSeitz’s individual developers in the Rust language. Versions of lz4flex prior to 0.11.5 and 0.12.0 contain security vulnerabilities. These vulnerabilities stem from improper decompression of LZ4 data, leading to out-of-bounds read...
[SECURITY] Fedora 44 Update: mac-12.50-1.fc44
Monkey's Audio is a fast and easy way to compress digital music. Unlike traditional methods such as mp3, ogg, or lqt that permanently discard quality to save space, Monkey's Audio only makes perfect, bit-for-bit copies of your music. That means it always sounds perfect =E2=80=93 exactly t he same...
CVE-2026-31973
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...
CVE-2026-31966
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...
CVE-2026-31966
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...