Lucene search
K

103 matches found

OSV
OSV
added 6 days ago2 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in xorg-server

A vulnerability classified as critical was discovered in X.org Server. The vulnerability affects the GetCountedString function in the xkb/xkb.c file. This vulnerability can lead to a buffer overflow. It is recommended that you apply a patch to address this issue. The identifier associated with th...

8.8CVSS7.4AI score0.01419EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/17 8:1 a.m.3 views

jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

...

8.2CVSS5.7AI score0.00559EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/13 10:18 p.m.4 views

CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

6.9CVSS5.9AI score0.00559EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.10 views

PT-2026-3079

The SharedPointer::alloc implementation for sync::Arc and rc::Rc in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM Out of Memory. This null pointer can flow through to SharedPointer::from value, which calls Box::from rawptr with the null...

7.4AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/11 9:13 a.m.3 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/11 8:21 a.m.3 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29662

Malicious code in bioql PyPI...

8.1CVSS6.8AI score0.03821EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-24903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used...

8.1CVSS7.5AI score0.03821EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/13 2:49 a.m.3 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/11 2:20 p.m.4 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/11 9:52 a.m.6 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/11 9:43 a.m.3 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid countedby use gcc 15 honors the countedbylen...

5.5CVSS6.3AI score0.00168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/08/05 6:1 p.m.3 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/04 3:19 p.m.3 views

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

7.8CVSS7.1AI score0.002EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fixed the issue caused by invalid use of countedby GCC 15 recognizes the countedbylen attribute in vsctppacket.buf, and the vsc-tp.c code uses this attribute incorrectly. len does not contain the available size in the...

5.5CVSS6.6AI score0.00168EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.9 views

TencentOS Server 3: rsyslog (TSSA-2022:0137)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0137 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.1CVSS7.5AI score0.03821EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.12 views

Alibaba Cloud Linux 3 : 0137: rsyslog (ALINUX3-SA-2022:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-24903: Rsyslog is a rocket-fast system for...

8.1CVSS7.5AI score0.03821EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 7:15 a.m.2 views

DEBIAN-CVE-2025-37816

In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid countedby use gcc 15 honors the countedbylen attribute on vsctppacket.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...

5.5CVSS6AI score0.00168EPSS
Exploits0References1
Rows per page
Query Builder