3470 matches found
Heap-based Buffer Overflow
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Important: Red Hat Security Advisory: rhc security update
An update for rhc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty,Spring Cloud Netflix Zuul,Spring Framework,Spring Security,NPM package,glob-parent package,jQuery,Braces, go-redis,qs,LZ4,js-yaml might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul , Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4 and js-yaml. Vulnerabilities include , bypassing the...
Security Bulletin: DevOps Test Performance and Rational Performance Tester contains a vulnerabilty related to use of the qs library
Summary Due to use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerabiity. CVE-2025-15284 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP...
CVE-2025-59969
CVE-2025-59969 affects Junos OS Evolved on PTX Series and QFX5000 Series. The vulnerability is a buffer copy without size checking in the advanced forwarding toolkit components evo-aftmand and evo-pfemand, leading to a Denial of Service when an attacker—positioned adjacent—sends crafted multicast...
Juniper Junos OS Vulnerability (JSA106019)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA106019 advisory. - An Incorrect Synchronization vulnerability in the management daemon mgd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low...
CVE-2026-31063
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-31065
CVE-2026-31065 affects UTT Aggressive 520W, v3v1.7.7-180627. A buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function is described, enabling a crafted input to cause a Denial of Service (DoS). No further exploit details or patch/version remediation are provided i...
CVE-2026-34826
CVE-2026-34826 affects Rack prior to 2.2.23, 3.1.21, and 3.2.6. Rack::Utils.get_byte_ranges does not cap the number of individual byte ranges in the HTTP Range header, allowing an attacker to send many small overlapping ranges that trigger disproportionate CPU, memory, I/O, and bandwidth usage in...
CVE-2026-33871
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...
SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2026:1058-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1058-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to 'MadeYouReset' DoS attack bsc1243895. -...
CVE-2018-25215 Excel Password Recovery Professional 8.2.0.0 Local Buffer Overflow DoS
Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing 5000 bytes of data...
Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...
CVE-2026-26233 Denial of Service via HTTP/2 single packet attack on login endpoint
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...
CVE-2026-20086
Cisco IOS XE Wireless Controller Software (Catalyst CW9800 Family) is affected by a DoS vulnerability in CAPWAP packet processing. An unauthenticated, remote attacker can send a malformed CAPWAP packet to trigger an unexpected device reload, resulting in service disruption. Root cause: improper h...
OPENSUSE-SU-2026:20413-1 Security update for nghttp2
This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS bsc1259845...
CVE-2019-25642 Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...
Advisory ROSA-SA-2026-3230
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...
CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...
CVE-2026-22319
A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack...