4 matches found
CVE-2025-67635
CVE-2025-67635 affects Jenkins 2.540 and earlier, and LTS 2.528.2 and earlier. The flaw is an HTTP-based CLI connection handling issue where the server does not properly close the connection when the stream is corrupted, allowing unauthenticated attackers to cause a denial of service. Connected s...
GHSA-JC7W-C686-C4V9 github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives
Summary: It is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA head...
CVE-2023-52778
CVE-2023-52778 affects the Linux kernel’s MPTCP implementation. The root cause is a commit that allowed TCP sockets and MPTCP subflows to build egress packets larger than 64K, exceeding the DSS data size and causing misrepresentation on the wire and stream corruption. The issue manifests as large...
Adobe Reader and Acrobat Corrupted Stream Denial of Service
Corruption found in encoded streams inside PDF files may cause Adobe Reader and Acrobat to fail to decode these streams, which might lead to a denial of service condition. An attacker could exploit this vulnerability by sending a malformed PDF file containing such corruption inside encoded stream...