20463 matches found
openjdk: Improved Arena allocations (Oracle CPU 2026-04)
Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
GHSA-7C6M-4442-2X6M PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
Summary The XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit AddressRange::MAXROW = 1,048,576. An attacker can craft a minimal XLSX file 1.6KB containing a element that inflates...
PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions
Summary The XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit AddressRange::MAXROW = 1,048,576. An attacker can craft a minimal XLSX file 1.6KB containing a element that inflates...
CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...
CVE-2026-42198
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...
CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
CLSA-2026-1777452704 bind: Fix of CVE-2026-1519
CVE-2026-1519: limit NSEC3 iteration count when proving an insecure delegation so a maliciously crafted DNSSEC zone with a high-iteration NSEC3 record cannot exhaust resolver CPU; treat the answer as insecure above the 150-iteration limit. Backport of bind-9.11.36-16.el810.7 RHSA-2026:8352...
PT-2026-36036
NEW THREAT INTEL: Qinglong Auth Bypass Chain to RCE - CVE-2026-3965 + CVE-2026-4047 CVSS 9.3 chained for unauth RCE on Qinglong = 2.20.1, dropping .fullgc cryptominer. 9 detections, 20 IOCs. https://t.co/dXJBNXiie3 ThreatIntel CyberSecurity RCE CVE https://t.co/PmenIBo9jX...
pgJDBC 安全漏洞
pgJDBC is an open-source PostgreSQL driver developed by pgJDBC. Versions of pgJDBC from 42.2.0 to 42.7.11 contained security vulnerabilities. These vulnerabilities stemmed from a client denial-of-service vulnerability during SCRAM-SHA-256 authentication. A malicious server could instruct the driv...
CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
Summary CoreDNS's DNS-over-HTTPS DoH GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...
USN-8185-2: Linux kernel (Low Latency NVIDIA) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...
XenServer Security Update for Multiple Issues
Severity: High Description of Problem Several issues have been identified that affect XenServer 8.4. These are: An issue that may, in some circumstances, allow a malicious privileged user in a guest VM to compromise the host. This issue has the following identifier: CVE-2026-23558 An issue that m...
Security update for dovecot22
This update for dovecot22 fixes the following issues: CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. CVE-2026-27855: OTP drive...
SUSE-SU-2026:1641-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...
FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...