CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

UBUNTU-CVE-2026-32854

LibVNCServer versions 0.9.15 and prior fixed in commit dc78dee contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit...

Flexense DiskBoss Enterprise 安全漏洞

Flexense DiskBoss Enterprise is a file management tool from Flexense. A security vulnerability exists in Flexense DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14, which stems from improper boundary checking of the HTTP GET request path component, which could result in a stack buffer...

SUSE CVE-2017-11125

libxar.so in xar 1.6.1 has a NULL pointer dereference in the xargetpath function in util.c...

CVE-2022-26233

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /...." substring...

UBUNTU-CVE-2018-5873

An issue was discovered in the nsgetpath function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Andro...

PT-2018-17205 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11 Description: A race condition in the ns get path function in fs/nsfs.c can lead to a Use After Free condition when accessing files. This issue also affects Android releases from CAF using the Linux kernel...

Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)

The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...