GHSA-6GHJ-FRRJ-JJJ3 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Summary An attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct memory pool OutOfDirectMemoryError, preventing legitimate connections from being processed. Details io.netty.handler.codec.redis.RedisDecoder decodes the...

Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Summary An attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct memory pool OutOfDirectMemoryError, preventing legitimate connections from being processed. Details io.netty.handler.codec.redis.RedisDecoder decodes the...

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details io.netty.handler.ipfilter.IpSubnetFilterRulecompareTojava.net.InetSocketAddress method performs a bitwise AND...

CVE-2026-46306

A flaw was found in the Linux kernel's flow dissector. This vulnerability allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted Point-to-Point Protocol over Ethernet PPPoE Protocol Field Compression PFC frame to an affected system. The incorrect processing of...

Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a...

CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

CVE-2026-43974

A flaw was found in gun. A malicious HTTP server can exploit this vulnerability by sending an unsolicited '101 Switching Protocols' response to a gun client. This action forces the client into a raw protocol mode, allowing the server to flood the client with arbitrary data. This uncontrolled data...

CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

EUVD-2026-35171

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

CVE-2026-46306

CVE-2026-46306 affects the Linux kernel where the flow_dissector incorrectly dissects PPPoE PFC frames. The root cause is handling a compressed (1-byte) Protocol Field Compression (PFC) in PPPoE, which shifts the subsequent PPP payload by one byte, causing a 4-byte network-header misalignment and...

EUVD-2026-35099

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

CVE-2020-37248

OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...

CVE-2026-49494

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value taken from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validating it, so...