7795 matches found
SUSE CVE-2026-53133
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...
CVE-2026-10804
A flaw was found in Streamlit, within its Palette Handler component. This vulnerability stems from the use of a weak hashing algorithm. A local attacker could exploit this flaw, though it requires a high level of technical complexity. Successful exploitation may lead to a low impact on the...
golang.org/x/crypto vulnerable to infinite loop on large channel writes
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...
GHSA-W879-237Q-WC7R golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
EUVD-2026-39551
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
EUVD-2026-38385
MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...
CVE-2026-42055
A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...
CVE-2026-55967
AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...
CVE-2026-55967
CVE-2026-55967 covers AES-GCM streaming APIs that fail to reject extremely large cumulative single messages (>64 GiB), allowing counter wrap and keystream reuse and enabling plaintext recovery. Public documents reference the same issue across multiple OS advisories (Ubuntu, Debian, Debian-deri...
CVE-2026-55967
AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...
CVE-2026-54448
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...
EUVD-2026-39464
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...
CVE-2026-54024 LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...
OPENSUSE-SU-2026:21159-1 Security update for python-py7zr
This update for python-py7zr fixes the following issues: Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 - CVE-2026-55195: unchecked extraction size can cause a denial of service bsc1268665 -...
EUVD-2026-39338
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...
CVE-2026-53133
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...
CVE-2026-53133 RDMA/umem: Fix truncation for block sizes >= 4G
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...
CVE-2026-53133
The CVE-2026-53133 entry concerns the Linux kernel RDMA/umem component where an IOMMU-assisted mapping can split a very large block across multiple SG entries. During reassembly in __rdma_block_iter_next(), 32-bit stack values can overflow, causing incorrect DMA addresses for blocks at or beyond ...
PT-2026-52229
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/umem component where the linearization of mapping when using an iommu can result in a single large block split across multiple SG entries. The function rdma...
CVE-2026-52812
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...