10 matches found
CVE-2026-55967
AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...
CVE-2024-27354
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service CPU consumption for an isPrime primality check. NOTE: this issue was introduced when...
Mozilla: Large WebGL draw could have led to a crash
The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash...
Mozilla: Large WebGL draw could have led to a crash
The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash...
Mozilla: Large WebGL draw could have led to a crash
The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash...
CVE-2022-28615 Read beyond bounds in ap_strcmp_match()
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
Unbreakable Enterprise kernel-container security update
5.4.17-2102.203.6.el7 - seqfile: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135632 CVE-2021-33909...
openSUSE: Security Advisory for the (openSUSE-SU-2021:2415-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
thunderbird: multiple issues
CVE-2015-7201 cross-origin restriction bypass using data: and view-source: uri scheme: Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to...
Updated ruby packages fix security vulnerabilities
Will Wood discovered that Ruby incorrectly handled the encodes function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...