3840 matches found

Github Security Blog
added 2026/05/07 12:24 a.m., 13 views

Netty Redis Codec Encoder has a CRLF Injection Issue

Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder

1. Vulnerability Summary

| Field | Value |
|-------|-------|
| Product | Netty |
| Version | 4.2.12.Final and all prior versions with codec-redis |
| Component | io.netty.handler.codec.redis.RedisEncoder |
| Vulnerability...

7.1 CVSS, 6.2 AI score, 0.00008 EPSS
Exploits: 1, References: 6, Affected Software: 1

EUVD
added 2026/05/06 12:30 p.m., 1 view

EUVD-2026-27709

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

5.7 AI score, 0.00018 EPSS
Exploits: 0, References: 7

NVD
added 2026/05/06 12:16 p.m., 1 view

CVE-2026-43150

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

7.8 CVSS, 0.00018 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2026/05/06 12:00 a.m., 5 views

PT-2026-37490

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models at least with a warning, and unknown revisions of those which we do know, as although things do...

5.7 AI score, 0.00018 EPSS
Exploits: 0, References: 7

OSV
added 2026/05/04 1:12 p.m., 2 views

JLSEC-2026-407

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5 CVSS, 6.8 AI score, 0.0032 EPSS
Exploits: 1, References: 18

NVD
added 2026/05/04 1:16 a.m., 1 view

CVE-2026-7371

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

7.4 CVSS, 0.00047 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in protobuf

Dereferencing a null pointer when a null char is present in a prototype symbol. The symbol is parsed incorrectly, resulting in an unchecked call into the name of the prototype file during the generation of the resulting error message. Since the symbol is incorrectly parsed, the file value is...

6.5 CVSS, 6.6 AI score, 0.00138 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: brcm80211: fmac: Added error handling for brcmfusbdlwriteimage. The function brcmfusbdlwriteimage calls the function brcmfusbdlcmd, but does not check its return value. The ‘state.state’ and ‘state.bytes’ are uninitialized ...

5.5 CVSS, 6.5 AI score, 0.00105 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/30 10:16 p.m., 0 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

5.3 CVSS, 0.00108 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/04/30 12:00 a.m., 2 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

3.7 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits: 0, References: 4

AlpineLinux
added 2026/04/30 12:00 a.m., 1 view

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

5.3 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits: 0

Snyk
added 2026/04/28 12:00 a.m., 4 views

Generation of Error Message Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the raw message of every server-side AuthenticationException being returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker...

6.3 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/28 12:00 a.m., 6 views

Vmware Spring gRPC security vulnerability

Vmware Spring GRPC is an extension component for Spring application development developed by Vmware, which supports GRPC communication. Versions 1.0.0 to 1.0.2 of Vmware Spring GRPC contain security vulnerabilities. These vulnerabilities stem from the fact that the original message of the...

5.3 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/23 12:31 p.m., 4 views

EUVD-2026-25203

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1 CVSS, 5.7 AI score, 0.00054 EPSS
Exploits: 0, References: 2

OSV
added 2026/04/21 8:59 a.m., 4 views

CLSA-2026-1776761965 colord: Fix of CVE-2021-42523

CVE-2021-42523: fix memory leak in cddevicedbload and cdprofiledbload where sqlite3exec errormsg output was allocated but never freed...

7.5 CVSS, 7.1 AI score, 0.00118 EPSS
Exploits: 1, References: 1

Snyk
added 2026/04/17 10:42 p.m., 1 view

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 0, References: 2

Snyk
added 2026/04/17 10:42 p.m., 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits: 0, References: 2

Snyk
added 2026/04/17 10:42 p.m., 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits: 0, References: 2

Snyk
added 2026/04/17 10:42 p.m., 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits: 0, References: 2

Snyk
added 2026/04/17 10:42 p.m., 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

6.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 0, References: 2