11964 matches found
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the remote_write HTTP handler (not enabled by default). An attacker can cause excessive memory allocation by sending specially crafted HTTP requests, potentially leading to service disruption...
CVE-2026-26931
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...
CVE-2026-26940
The CVE concerns Kibana’s Timelion visualization plugin, where improper validation of a specified quantity (input) by an authenticated user can cause a Denial of Service through excessive allocation. The underlying issue is validated quantity handling leading to overwriting internal series data p...
CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...
CVE-2026-26931
CVE-2026-26931 affects Metricbeat’s Prometheus remote_write HTTP handler. The issue is a memory allocation with an excessive size value, leading to Denial of Service. Public references (OSV/GHSA/Nessus) describe Metricbeat (8.0.x–8.19.12/9.0.x–9.2.4 ranges) as affected and indicate remediation by...
CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...
CVE-2026-26931
Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...
Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)
Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service: Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130). Affected Versions: 8.x: All versions...
EUVD-2026-13099
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pz_log2_bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pz_log2_bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pz_log2_bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
CVE-2026-4426 concerns libarchive’s zisofs decompression logic where an ISO9660 Rock Ridge extension field pz_log2_bs is not properly validated. This Undefined Behavior can lead to incorrect memory allocation and a denial-of-service via crafted ISO files, with remote attack vector and user intera...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pz_log2_bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
nvme: fix memory allocation in nvme_pr_read_keys()
...
USN-8103-2: Exiv2 regression
USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 did not correctly handle...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
SUSE CVE-2026-23244
In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvme_pr_read_keys(). nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the allocation size for rse via struct_size(). The upper limit is PR_KEYS_MAX (64K). A malicious or buggy userspace can...
openSUSE 16 Security Update : docker-stable (openSUSE-SU-2026:20366-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20366-1 advisory. - CVE-2025-58181: Fixed unbounded memory consumption (bsc#1253904). - CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocatio...
Elastic Metricbeat Security Vulnerability
Elastic Metricbeat is a metrics collector developed by the Dutch company Elastic. There is a security vulnerability in Elastic Metricbeat, which stems from an issue with the Prometheus remote_write HTTP processor, where excessive memory allocation values may lead to denial-of-service attacks due ...
PT-2026-26314
Name of the Vulnerable Software and Affected Versions: Metricbeat (affected versions not specified). Description: A memory allocation issue exists within the Prometheus remote write HTTP handler in Metricbeat. This issue, categorized as excessive allocation (CAPEC-130), can lead to a denial of service...