812 matches found
openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
EUVD-2026-40279
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...
CVE-2026-53292
A flaw was found in the Linux kernel's phonet networking subsystem. A local user could trigger a kernel panic by sending a specially crafted message, leading to a denial of service. This occurs because the pnsocketautobind function incorrectly assumes a socket is already bound when pnsocketbind...
CVE-2026-52958
A flaw was found in the Linux kernel's libceph component. This vulnerability, located within the osdmapdecode function, can lead to an out-of-bounds memory access. A remote attacker could exploit this by sending a specially crafted and corrupted osdmap message, where the maxosd value exceeds the...
Oracle Linux 9 : dovecot (ELSA-2026-19364)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19364 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161640 - fix CVE-2025-59032: ManageSieve: Denial of Service via...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker could have sent a message to the parent process, with the contents being used to index into a JavaScript object twice. This would lead to prototype pollution, and ultimately, attacker-controlled JavaScript would execute in the privileged parent process. This vulnerability affects...
PT-2026-50891
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...
dovecot: denial of service via crafted message before authentication
A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...
Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...
CVE-2026-25658
Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...
DEBIAN-CVE-2026-37462
An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the lwssshparseplaintext function. An attacker can exhaust system resources by sending specially crafted messages with manipulated msglen arguments remotely. Remediation There is ...
Eclipse Open9J: Denial of Service in JITServer via crafted TCP message
A flaw was found in Eclipse Open9J and JITServer. A remote attacker, without needing to authenticate, can send a specially crafted 32-byte TCP message to JITServer. This action can cause JITServer to crash, leading to a Denial of Service DoS for affected systems...
RLSA-2026:19364 Important: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
SUSE CVE-2026-6918
In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
CVE-2026-9490
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...
Unity Linux 20.1060e / 20.1070e Security Update: libupnp (UTSA-2026-016655)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016655 advisory. Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer...
Astra Linux – Vulnerability in libmodbus
It was discovered that libmodbus v3.1.6 contains a use-after-free issue related to the ctx-backend pointer. This vulnerability allows attackers to cause a Denial of Service DoS attack by sending a crafted message to the unit-test-server...
dovecot: denial of service via crafted message before authentication
A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...
dovecot: denial of service via crafted message before authentication
A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...