Lucene search
K

139 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tap: added missing verification for short frames The referenced commit failed to check the validity of the frame length in the tapgetuserxdp function, which could result in a corrupted skb being sent down the stack. Even before t...

7.1CVSS6.4AI score0.00254EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tun: Added missing verification for short frames. The referenced commit failed to check the validity of the frame length in the tunxdpone path, which could result in a corrupted skb being sent down the stack. Even before the skb ...

7.1CVSS6.2AI score0.00254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/12 8:34 p.m.13 views

CVE-2026-10142

A flaw was found in kafka-python. A malicious broker or a machine-in-the-middle attacker can exploit a denial-of-service vulnerability in the protocol parser. By sending a specially crafted 4-byte frame length value without proper bounds validation, an attacker can trigger excessive memory...

8.7CVSS5.2AI score0.00348EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-10142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker t...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36123

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 10:16 p.m.7 views

DEBIAN-CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.3AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:16 p.m.7 views

UBUNTU-CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/10 8:16 p.m.11 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/10 8:13 p.m.7 views

CVE-2026-10142 kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 8:13 p.m.31 views

CVE-2026-10142 kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS0.00348EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 8:13 p.m.26 views

CVE-2026-10142

CVE-2026-10142 affects kafka-python prior to 2.3.2. The vulnerability resides in the protocol parser, where an attacker can send a crafted 4-byte frame length via receive_bytes() without bounds validation. This can cause a multi-gigabyte memory allocation or an uncaught ValueError, leaving the co...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/10 8:13 p.m.7 views

CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.3AI score0.00348EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

kafka-python 安全漏洞

Kafka-Python is a distributed stream processing engine client library written entirely in Python by Dana Powers. Versions of Kafka-Python prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of boundary validation for the 4-byte frame length value in the...

8.7CVSS5.3AI score0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48530

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the protocol parser. A malicious broker or machine-in-the-middle attacker can exhaust memory or hang connections by sending a crafted 4-byte frame length valu...

8.7CVSS5.5AI score0.00348EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.9 views

PT-2026-50142

It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2023-35789 It was discovered that...

5.5CVSS6.2AI score0.00214EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Apache Fluss 安全漏洞

Apache Fluss is a streaming storage system developed by the Apache Foundation in the United States. Versions 0.8.0 and 0.9.0 of Apache Fluss contain security vulnerabilities. These vulnerabilities stem from the use of Integer.MAXVALUE as the maximum frame length in the Netty...

7.5CVSS5.4AI score0.0058EPSS
Exploits0References2
Debian
Debian
added 2026/05/30 2:38 p.m.19 views

[BSA-135] Security Update for exim4

Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...

5.3CVSS5.7AI score0.00264EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7925: Fixed possible out-of-band OOB access in mt7925macwritetxwi80211. Check the frame length before accessing the mgmt fields in mt7925macwritetxwi80211 in order to avoid possible OOB access...

7.1CVSS5.7AI score0.00125EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame’s length check When calling buftoxdp, the len argument represents the length of the frame’s data, excluding the length of the virtio header vi-hdrlen. We check that len is not greater than the...

5.5CVSS6.5AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4841 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server

NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server...

7.5CVSS5.9AI score0.00582EPSS
Exploits0References2
Rows per page
Query Builder