2946 matches found
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: A fix was made to the NULL pointer dereference in dwc3gadgetsuspend. In current scenarios where “Plug-out” and “Plug-In” operations are performed continuously, there is a possibility that a NULL pointer...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend or resume operations. During the resume procedure, the TBT...
EUVD-2026-29950
Bandit: Unauthenticated one-shot DoS via Transfer-Encoding: chunked...
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
Summary Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures e.g. Plug.Parsers' default 8 MB length: and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...
GHSA-9Q9Q-324X-93R2 Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
Summary Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures e.g. Plug.Parsers' default 8 MB length: and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-8468
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...
CVE-2026-8468
Summary (facts from sources): CVE-2026-8468 describes an unbounded memory accumulation in multipart header parsing within Elixir Plug (plug_project) andCowboy-derived code. The root cause is in plug_multipart:parse_headers/2 (and read_part_headers/2 in lib/plug/conn.ex) which accumulates incoming...
EEF-CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
Summary Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper...
PT-2026-40905
Name of the Vulnerable Software and Affected Versions plug versions 1.4.0 through 1.15.3 plug version 1.16.3 plug version 1.17.1 plug version 1.18.2 plug version 1.19.2 Description An unbounded buffer accumulation issue exists during multipart header parsing. The function read part headers/2 in...
Plug 安全漏洞
Plug is an open-source web application middleware and connection specification library developed by elixir-plug, targeting the Elixir ecosystem. Versions of Plug prior to 1.15.4, 1.16.3, 1.17.1, 1.18.2, and 1.19.2 contain security vulnerabilities. These vulnerabilities stem from unlimited buffer...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017699)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017699 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and...
Unity Linux 20.1070e Security Update: openvpn (UTSA-2026-017373)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017373 advisory. OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred...
EUVD-2026-28799
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
GHSA-C62G-J346-39V5 absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...