Lucene search
K

79 matches found

Amazon
Amazon
added 6 days ago5 views

Important: docker

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS7.5AI score0.00939EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 5:16 p.m.3 views

UBUNTU-CVE-2026-12912

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT8BITABGR output format and a specific stride value, leading to a heap-base...

7.3CVSS6.7AI score0.00231EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2026/06/22 4:57 p.m.7 views

CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

5.3CVSS5.9AI score0.00177EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/02 10:1 p.m.6 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

7.5CVSS5.8AI score0.0056EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/22 4:16 p.m.13 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/18 8:37 p.m.13 views

Infinite loop

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.01849EPSS
Exploits4References2
NVD
NVD
added 2026/05/13 7:17 p.m.12 views

CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

9.1CVSS0.00969EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2026/04/29 1:26 p.m.8 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/04/09 2:43 p.m.7 views

CVE-2026-5443

A heap buffer overflow vulnerability exists during the decoding of PALETTE COLOR DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memor...

9.8CVSS5.7AI score0.0057EPSS
Exploits0
Snyk
Snyk
added 2026/03/12 2:9 p.m.10 views

Use After Free

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.9AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 4:36 p.m.4 views

SUSE-SU-2026:0620-1 Security update for snpguest

This update for snpguest fixes the following issues: Update to version 0.10.0. Security issues fixed: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257927. - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch...

8.8CVSS5.6AI score0.00486EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/02/16 11:56 a.m.5 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : containernetworking-plugins-1.3.0-4.el9 (AXSA:2023-6651:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6651:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

9.8CVSS8.3AI score0.04561EPSS
Exploits0References11
Snyk
Snyk
added 2026/01/15 6:9 p.m.7 views

Server-side Request Forgery (SSRF)

Overview @sveltejs/adapter-node is an Adapter for SvelteKit apps that generates a standalone Node server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process...

9.1CVSS6.8AI score0.00466EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 3 : cups-1.3.7-30.0.1.AXS3 (AXSA:2012-265:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-265:01 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a...

9.3CVSS8.3AI score0.12709EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:14 a.m.11 views

CVE-2019-2187

In nfcncifdecoderfparams of nfcncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1...

5.5CVSS6.2AI score0.0016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.8 views

CVE-2020-12751

An issue was discovered on Samsung mobile devices with O8.X, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 May 2020...

7.8CVSS8AI score0.00461EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.13 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992977)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992977 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it...

7.8CVSS6.1AI score0.0019EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/03 12:0 a.m.3 views

CVE-2025-53965

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking...

6.5AI score0.00256EPSS
Exploits0References2
Rows per page
Query Builder