666 matches found
PT-2026-48218
Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.53.2 Description A heap-based buffer overflow exists in the FTS5 full-text search extension. An attacker can cause a crash or execute arbitrary code by providing a crafted database containing malicious continuation...
CVE-2026-46303
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...
UBUNTU-CVE-2026-46303
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...
CVE-2026-46303
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...
EUVD-2026-35168
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...
CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...
CVE-2026-46303
The CVE-2026-46303 vulnerability affects the Linux kernel isofs Rock Ridge CE handling. rock_continue() could use rs->cont_extent without validating the block number, allowing potential reads of data from an adjacent filesystem via sb_bread() on crafted ISO mounts. The issue was addressed by p...
PT-2026-47374
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description The rock continue function in the isofs component reads the rs-cont extent from the Rock Ridge CE record and passes it to sb...
CVE-2026-10725
Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...
UBUNTU-CVE-2026-10725
Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...
CVE-2026-10725
Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...
CVE-2026-10725 Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb
Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...
PT-2026-47148
Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-49754
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
HCL BigFix Remote Control <= 10.1.0.0442 Multiple Vulnerabilities
The version of HCL BigFix Remote Control running on the remote host is 10.1.0.0442 or earlier. It is, therefore, affected by multiple vulnerabilities: - A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directive...
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...
CVE-2026-49754
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...