Lucene search
K

3715 matches found

EUVD
EUVD
added 2026/04/02 8:32 p.m.5 views

EUVD-2026-18378

Rack has quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header...

5.3CVSS5.8AI score0.0043EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/02 8:32 p.m.7 views

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

7.5CVSS6.6AI score0.0043EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/02 7:21 p.m.3 views

CVE-2026-34743

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

6.3CVSS0.00351EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/04/02 8:6 a.m.6 views

NATS Server panic via malicious compression on leafnode port

...

7.5CVSS6.3AI score0.00658EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/02 6:12 a.m.4 views

CVE-2026-34545

A flaw was found in OpenEXR, an image storage format for the motion picture industry. An attacker can exploit this vulnerability by providing a specially crafted .exr file with HTJ2K compression and a specific channel width. This allows controlled data to be written beyond the output heap buffer,...

8.8CVSS6.5AI score0.00611EPSS
Exploits1References6
RubySec
RubySec
added 2026/04/02 12:0 a.m.9 views

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

7.5CVSS6.5AI score0.01996EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...

8.8CVSS6.6AI score0.00611EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/01 9:17 p.m.4 views

CVE-2026-34545

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

8.4CVSS6.1AI score0.00611EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/01 8:51 p.m.6 views

EUVD-2026-18062

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

8.4CVSS6.5AI score0.00611EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 10:11 a.m.9 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3

Summary The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple vulnerabilities affect urllib3. CVE-2025-66418 involves allocation of resources without limits or throttling. CVE-2025-66471 and CVE-2026-21441 both rela...

8.9CVSS6.9AI score0.02667EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/03/31 6:49 p.m.6 views

K000160551: OpenSSL vulnerability CVE-2025-66199

Security Advisory Description Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of ...

5.9CVSS6.8AI score0.00403EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/31 11:31 a.m.3 views

CVE-2024-14031 Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library

Sereal::Encoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Encoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

7.3AI score0.00355EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/31 11:31 a.m.3 views

CVE-2024-14031

Sereal::Encoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...

8.1CVSS8AI score0.00355EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:31 a.m.5 views

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of...

8.1CVSS6AI score0.01424EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 11:31 a.m.3 views

CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard zstd library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prio...

8.1CVSS8AI score0.00355EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29223

Name of the Vulnerable Software and Affected Versions Sereal::Encoder versions 4.000 through 4.009 002 Description Sereal::Encoder for Perl includes a vulnerable version of the Zstandard zstd library. A race condition exists in the one-pass compression functions of Zstandard versions prior to...

8.1CVSS7.2AI score0.01424EPSS
Exploits0References6
Fedora
Fedora
added 2026/03/29 1:8 a.m.6 views

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.0-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

6.5CVSS5.8AI score0.00379EPSS
Exploits1
Fedora
Fedora
added 2026/03/29 1:8 a.m.8 views

[SECURITY] Fedora 42 Update: rust-tar-0.4.45-1.fc42

A Rust implementation of a TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once...

6.5CVSS5.8AI score0.00379EPSS
Exploits1
Fedora
Fedora
added 2026/03/28 12:46 a.m.8 views

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

BCFtools is a set of utilities that manipulate genomic variant calls in the Variant Call Format VCF and its binary counterpart BCF. All commands work transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed. This BCFtools includes the polysomy subcommand, which is implemented...

8.8CVSS5.9AI score0.00373EPSS
Exploits0
Fedora
Fedora
added 2026/03/28 12:46 a.m.7 views

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.0-1.fc43

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

6.5CVSS5.8AI score0.00379EPSS
Exploits1
Rows per page
Query Builder