7066 matches found
EUVD-2026-44746
The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver drivers/ethernet/ethadin2111.c reassembles received Ethernet frames in OPEN Alliance OA SPI mode by copying device-supplied 64-byte data chunks into a fixed static buffer ctx-buf of size CONFIGETHADIN2111BUFFERSIZE default 1524 bytes. In...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...
CVE-2026-15713
This CVE affects Libsoup’s HTTP/2 implementation. The issue is a memory leak where memory context blocks are not properly released under specific stream termination conditions (e.g., window exhaustion or explicit stream resets). A remote, unauthenticated attacker acting as a malicious network pee...
CVE-2026-15712
A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminate...
CVE-2026-15712
CVE-2026-15712 affects libsoup’s HTTP/2 connection tracking in/libsoup3 (versions 3.0–3.7.0) where the GOAWAY frame’s Additional Debug Data is parsed as a NUL-terminated C-string without strict length checks. This permits a remote, unauthenticated attacker to send malformed GOAWAY frames, causing...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...
EUVD-2026-43607
OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...
binutils: GNU Binutils Linker heap-based overflow
A head based buffer overflow flaw has been discovered in GNU bin utilities. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution...
CVE-2026-51541
OpENer 2.3.0 (commit 76b95cf) is affected by CVE-2026-51541 due to an out-of-bounds read in CIP message parsing when processing malformed explicit requests with a forged EPath size. An ENIP SendRRData frame carrying a short CIP payload with a larger declared path_size can cause the parser to cont...
undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...
CVE-2026-57220
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...
CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...
CVE-2026-57220
RabbitMQ (server) prior to 4.2.6 is vulnerable in the stream listener: during authentication and before Tune negotiation, it does not enforce the configured stream frame-size limit. An unauthenticated remote client can declare oversized frame lengths, potentially exhausting broker memory via rabb...
undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...
PT-2026-57305
Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...
gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...
kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...