SUSE CVE-2026-42946
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream...
CVE-2026-35480
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...
aws-kms-tls-auth vulnerable to memory overallocation
Summary: aws-kms-tls-auth is an optional utility for s2n-tls that enables customers to use AWS KMS keys as part of the PSK extension field in a TLS 1.3 handshake. An issue exists in this library that can lead to overallocation of memory, potentially resulting in a denial of service. Impact: The PSK...
GHSA-5WHH-4Q9J-7V28 aws-kms-tls-auth vulnerable to memory overallocation
Summary: aws-kms-tls-auth is an optional utility for s2n-tls that enables customers to use AWS KMS keys as part of the PSK extension field in a TLS 1.3 handshake. An issue exists in this library that can lead to overallocation of memory, potentially resulting in a denial of service. Impact: The PSK...
UBUNTU-CVE-2026-23052
In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory. The pg_remaining calculation in ftrace_process_locs assumes that ENTRIES_PER_PAGE multiplied by 2^order equals the actual capacity of the allocated page group. However, ENTRIES_PER_PAGE is...
undici security vulnerability
undici is an open source HTTP/1.1 client for Node.js. A security vulnerability exists in undici versions prior to 7.18.0 and prior to 6.23.0, which stems from an unlimited number of links in an unzip chain, and could lead to high CPU usage and memory over-allocation...
SUSE CVE-2025-33177
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service...
CVE-2025-33177
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service...
EUVD-2025-34478
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service...
CVE-2025-33177
Summary: CVE-2025-33177 affects NVIDIA Jetson Linux and IGX OS via NvMap, where improper tracking of memory allocations can enable a local attacker to cause memory overallocation and potentially trigger a denial of service. The base CVSS 3.1 score is 5.5 (Medium) with local attack vector and low ...
PT-2025-42174
Name of the Vulnerable Software and Affected Versions: NVIDIA Jetson Linux and IGX OS (affected versions not specified). Description: The software contains a flaw in NvMap related to memory allocation tracking. This could allow a local attacker to cause memory overallocation, potentially leading to a...
AZL-66725 CVE-2025-58058 affecting package buildah for versions less than 1.41.4-2
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
gRPC Security Vulnerabilities
gRPC is a modern, open-source, high-performance remote procedure call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC versions prior to 1.10.9, 1.9.15, and 1.8.22, which stems from the ability to allocate memory far beyond the configuration limit for incoming messages...
OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...