270 matches found
GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...
opentelemetry-go's baggage parsing no longer caps raw header length
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: DCCP: Fixed an out-of-bounds access in the DCCP error handler. There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only wanted to access the first 8...
Astra Linux - уязвимость в cups-filters
“cups-filters” contains backends, filters, and other software required to make the cups printing service work on operating systems other than macOS. If you use the Backend Error Handler beh to create an accessible network printer, this security vulnerability can lead to remote code execution. The...
@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-42552
Flight PHP core prior to version 3.18.1 exposes verbose error information via the Engine::_error() handler, including the exception message, code, and full stack trace with absolute filesystem paths, in HTTP 500 responses. This leads to leakage of internal paths, secrets embedded in messages, and...
CVE-2026-42552 Flight: Sensitive information disclosure via default error handler in flightphp/core
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...
CVE-2026-42552
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...
GHSA-QRCH-52M5-VV85 Flight vulnerable to sensitive information disclosure via default error handler
Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...
Flight vulnerable to sensitive information disclosure via default error handler
Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-012996)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012996 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013168)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013168 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...
OESA-2026-1773 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...
CVE-2025-20068
Improper input validation in the UEFI ImcErrorHandler module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
CVE-2025-20068
Improper input validation in the UEFI ImcErrorHandler module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
CVE-2025-20068
Improper input validation in the UEFI ImcErrorHandler module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
CVE-2025-20068
CVE-2025-20068 describes improper input validation in the UEFI ImcErrorHandler module on some Intel reference platforms that may allow escalation of privilege via a local, high-complexity attack by a privileged user, with no user interaction. The vulnerability has high impact across confidentiali...
SUSE CVE-2026-26018
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable...
CoreDNS Loop Detection Denial of Service Vulnerability
Executive Summary A Denial of Service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator PRNG for generating a secret...