
29 matches found

Positive Technologies
added 2026/06/24 12:0 a.m., 9 views

PT-2026-51880

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the netfilter nf_conntrack_sip module due to unsafe port parsing. The system used the simple_strtoul function, which assumes strings are NUL-terminated, on...

CVSS 9.8, AI score 5.8, EPSS 0.00559
Exploits: 0, References: 10

RedhatCVE
added 2026/06/08 8:59 p.m., 14 views

CVE-2026-45149

A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high...

CVSS 7.5, AI score 6.9, EPSS 0.00278
Exploits: 0, References: 4

NVD
added 2026/05/29 8:16 p.m., 15 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

CVSS 7.5, EPSS 0.00278
Exploits: 0, References: 1

Cvelist
added 2026/05/29 7:55 p.m., 42 views

CVE-2026-45149 brace-expansion: Large numeric range defeats documented `max` DoS protection

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

CVSS 6.5, EPSS 0.00278
Exploits: 0, References: 1

Vulnrichment
added 2026/05/29 7:55 p.m., 9 views

CVE-2026-45149 brace-expansion: Large numeric range defeats documented `max` DoS protection

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

CVSS 6.5, AI score 5.9, EPSS 0.00278
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/29 7:55 p.m., 8 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

CVSS 6.5, AI score 5.9, EPSS 0.00278
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2026/05/29 7:55 p.m., 11 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

CVSS 7.5, AI score 5.9, EPSS 0.00278
Exploits: 0

CVE
added 2026/05/29 7:55 p.m., 208 views

CVE-2026-45149

The CVE-2026-45149 issue affects the brace-expansion library (Julian Gruber) where the max option was applied too late for 5.0.0–5.0.5. When expanding a large numeric range (e.g., {1..10000000}), the code builds all intermediate elements before enforcing max, allocating about 505 MB and taking ~8...

CVSS 7.5, AI score 5.9, EPSS 0.00278
Exploits: 0, References: 1, Affected Software: 1

Snyk
added 2026/05/18 4:22 p.m., 9 views

Allocation of Resources Without Limits or Throttling

Overview: brace-expansion is a Brace expansion as known from sh/bash. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust system...

CVSS 8.7, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 2

OSV
added 2026/05/18 4:22 p.m., 5 views

GHSA-JXXR-4GWJ-5JF2 brace-expansion: Large numeric range defeats documented `max` DoS protection

The max option was being applied too late: When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied. With max=10, the output is correctly limited to 10 items, but the process still...

CVSS 6.5, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 4

RedHat Linux
added 2026/04/09 8:27 p.m., 4 views

brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion

A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...

CVSS 9.2, AI score 6.6, EPSS 0.00481
Exploits: 0, References: 5

RedhatCVE
added 2026/02/06 3:32 p.m., 7 views

CVE-2026-25547

A flaw was found in the brace-expansion component. This denial of service (DoS) vulnerability allows a remote attacker to provide specially crafted input containing repeated numeric brace ranges. This input causes the library to attempt an unbounded expansion, consuming excessive CPU and memory...

CVSS 9.2, AI score 5.5, EPSS 0.00481
Exploits: 0, References: 4

RedHat Linux
added 2025/10/08 3:18 p.m., 7 views

kernel: bpf: Don't use tnum_range on array range checking for poke descriptors

In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors. Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in...

CVSS 7.1, AI score 6.8, EPSS 0.0021
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2006-3459

Malware in sbrugna...

CVSS 7.5, AI score 8.3, EPSS 0.03263
Exploits: 1, References: 41

EUVD
added 2025/10/03 8:7 p.m., 17 views

EUVD-2023-12482

Malicious code in bioql PyPI...

CVSS 8.6, AI score 7.6, EPSS 0.004
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2021-28839

Malicious code in bioql PyPI...

CVSS 8.2, AI score 8.2, EPSS 0.00301
Exploits: 0, References: 4

Tenable Nessus
added 2024/09/06 12:0 a.m., 30 views

ABB Freelance AC 900F and AC 700F Numeric Range Comparison Without Minimum Check (CVE-2023-0425)

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVSS 8.6, AI score 7.4, EPSS 0.004
Exploits: 0, References: 2

Tenable Nessus
added 2023/09/26 12:0 a.m., 28 views

Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41838)

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. Insyde BIOS is...

CVSS 8.2, AI score 8.1, EPSS 0.00301
Exploits: 0, References: 5

NVD
added 2023/08/07 6:15 a.m., 46 views

CVE-2023-0425

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVSS 8.6, AI score 8.8, EPSS 0.004
Exploits: 0, References: 1

Vulnrichment
added 2023/08/07 5:6 a.m., 13 views

CVE-2023-0425 Buffer overflow in global memory region

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

CVSS 8.6, AI score 7.3, EPSS 0.004
Exploits: 0, References: 1