Lucene search
K

11 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A upper bound check has been added to user inputs in the signal ioctl function. Large input values in amdgpuuserqsignalioctl can lead to a Out-of-Memory OOM condition, and this vulnerability could be exploited...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 7:49 a.m.17 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.4 views

CVE-2026-6284

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

9.3CVSS5.7AI score0.00449EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 3:14 p.m.3 views

CVE-2026-6284

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

9.3CVSS5.7AI score0.00449EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2025/10/22 10:15 p.m.3 views

DEBIAN-CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS5.3AI score0.00418EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/10 9:1 p.m.3 views

CVE-2025-61920

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...

7.5CVSS6.8AI score0.00582EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.5 views

PT-2025-41596

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.5 Description Authlib, a Python library for building OAuth and OpenID Connect servers, has an issue in its JOSE implementation. It accepts JWS/JWT header and signature segments without size limits. An attacker can...

7.8CVSS5.2AI score0.00582EPSS
Exploits1References36
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.12 views

Incorrect setting of EthIBCDenom invalidates risk management limits

Lines of code Vulnerability details Impact In the documentation, it is stated that: For risk management purposes, a swap will fail if the input coin amount exceeds a pre-defined limit 10 USDC, 10 USDT, 0.01 ETH or if the swap amount limit is not defined. However, in the code it defined as:...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.3 views

SUSE CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...

7.5CVSS7.3AI score0.0197EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/07/19 1:40 p.m.4 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
OSV
OSV
added 2015/12/17 7:59 p.m.8 views

CVE-2015-8338

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the 1 XENMEMincreasereservation, 2 XENMEMpopulatephysmap, 3 XENMEMexchange, and possibly other HYPERVISORmemoryop suboperations, which allows ARM guest OS administrators to cause a denial of service CPU consumption,...

9.2AI score
Exploits0References4
Rows per page
Query Builder