703559 matches found
EUVD-2026-45154
Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...
CVE-2026-62764 Apache Accumulo: A user can trigger a graceful shutdown of services without the relevant system permissions
Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...
CVE-2026-62764
CVE-2026-62764 affects Apache Accumulo 2.1.4 and 2.1.5. An authenticated, low-privilege user without system permissions can remotely issue a command to gracefully shutdown several components (e.g., compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver), causing a denial of ...
CVE-2026-58317
The vulnerability CVE-2026-58317 affects the TTSSH2 plugin used by Tera Term. It is described as an Unsigned to Signed Conversion Error (CWE-196) that can occur when Tera Term connects to a server controlled by an attacker. The issue may trigger an out-of-bounds read/write, potentially causing ad...
EUVD-2026-45140
Unsigned to Signed Conversion Error CWE-196 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory...
CVE-2026-60060
The vulnerability CVE-2026-60060 affects the TTSSH2 plugin of Tera Term. The issue is described as Improper Handling of Length Parameter Inconsistency (CWE-130) that can cause out-of-bounds read/write when Tera Term tries to establish an SSH connection to a server set up by an attacker. This may ...
EUVD-2026-45139
Improper Handling of Length Parameter Inconsistency CWE-130 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of...
EUVD-2026-45068
Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers. This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/nativec/arm/sha/shake.C,...
EUVD-2026-45083
Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...
EUVD-2026-45098
OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
CVE-2026-44436
Quicly (QUIC implementation used with H2O) is vulnerable to a Denial of Service due to connection state corruption caused by a 255-byte Connection ID handling in the decoder, while QUIC version 1 requires a 20-byte CID buffer. The library lacked enforcement for 20-byte CIDs, allowing mismatched I...
CVE-2026-44436 Quicly is vulnerable to connection state corruption
Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection state corruption. In QUIC Invariants, the maximum length of a Connection ID is 255 bytes, while QUIC...
CVE-2026-44435
CVE-2026-44435 : Quicly (QUIC protocol implementation used with H2O) contains an assertion failure that triggers a Denial of Service when the total number of valid handshake messages over a CRYPTO stream within a single packet number space exceeds 32KB. The issue is fixed by commit 937d0e9. Affec...
CVE-2026-44433
CVE-2026-44433 affects the Quicly QUIC protocol implementation used with the H2O HTTP server. Prior to commit 8b178e6, an adversarial peer could send a STREAM frame carrying only a single byte at the largest permitted offset to obtain additional flow control credit, potentially causing memory exh...
CVE-2026-57075
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
CVE-2026-58598
Technical details are not publicly available in the provided documents. Monitor for updates from vendors and advisories for CVE-2026-58598.
Important: Red Hat Security Advisory: pacemaker security update
An update for pacemaker is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
pacemaker: Pacemaker: Denial of Service via integer overflow in remote message decompression
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...