6 matches found
SUSE CVE-2026-42583
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...
CVE-2026-35602
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
PT-2024-40047 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: CKB (affected versions not specified). Description: An issue allows an adversary to create a message with a compressed size less than the package limit, but with a very large decompressed length, such as 1G. This can cause a node to consume a...
EulerOS 2.0 SP5 : libvncserver (EulerOS-SA-2021-1208)
According to the versions of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service...
SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2017:0104-1)
LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message...
CVE-2016-9942
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...