
59 matches found

EUVD
added 2026/06/25 10:18 p.m., 9 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

CVSS 9.1, AI score 5.8, EPSS 0.005
Exploits 0, References 7

Positive Technologies
added 2026/06/24 12:0 a.m., 7 views

PT-2026-51883

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the nvmet-tcp component occurs because the nvmet_tcp_build_pdu_iovec function does not propagate errors to its callers when detecting out-of-bounds PDU (Protocol Data Unit) lengt...

CVSS 9.8, AI score 6, EPSS 0.00342
Exploits 0, References 12

AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error states in the block data length handler. When a block read returns an invalid length, such as zero or I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr...

CVSS 5.5, AI score 5.5, EPSS 0.001
Exploits 0, References 1

Amazon
added 2026/06/08 12:0 a.m., 17 views

Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

CVSS 10, AI score 5.8, EPSS 0.005
Exploits 0

RedhatCVE
added 2026/06/05 7:44 p.m., 8 views

CVE-2026-39830

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

CVSS 9.1, AI score 5.5, EPSS 0.005
Exploits 0, References 8

ATTACKERKB
added 2026/05/27 2:29 a.m., 6 views

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

AI score 5.7, EPSS 0.00373
Exploits 0, References 3

NVD
added 2026/05/22 4:16 a.m., 15 views

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

CVSS 9.1, EPSS 0.005
Exploits 0, References 9

CVE
added 2026/05/22 2:31 a.m., 85 views

CVE-2026-39830

CVE-2026-39830 describes a vulnerability in golang.org/x/crypto/ssh where a malicious SSH peer can send unsolicited global request responses to fill an internal buffer, causing the connection read loop to block. The blocked goroutine cannot be released by Close(), leading to a per-connection reso...

CVSS 9.1, AI score 5.8, EPSS 0.005
Exploits 0, References 9, Affected Software 1

SUSE CVE
added 2026/02/16 12:25 a.m., 8 views

SUSE CVE-2026-23197

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler. When a block read returns an invalid length, zero or I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr unconditionally...

CVSS 5.5, AI score 5.2, EPSS 0.001
Exploits 0, References 3

UbuntuCve
added 2026/02/14 5:15 p.m., 6 views

CVE-2026-23197

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler. When a block read returns an invalid length, zero or I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr unconditionally...

CVSS 5.5, AI score 5.7, EPSS 0.001
Exploits 0, References 4

Positive Technologies
added 2026/02/14 12:0 a.m., 3 views

PT-2026-8205

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler. When a block read returns an invalid length, zero or I2C_SMBUS_BLOCK_MAX, the length handler sets the state to IMX_I2C_STATE_FAILED. However, i2c_imx_master_isr...

AI score 5.2, EPSS 0.001
Exploits 0, References 3

Tenable Nessus
added 2026/02/14 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: imx: preserve error state in block data length handler. When a block read returns an invalid length, zero or I2C_SMBUS_BLOCK_MAX, the length handler sets the...

CVSS 5.5, AI score 6.1, EPSS 0.001
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2021-2567

Malware in sbrugna...

CVSS 7.5, AI score 6.8, EPSS 0.0473
Exploits 0, References 58

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-13036

Malware in sbrugna...

CVSS 4.7, AI score 6, EPSS 0.00526
Exploits 1, References 15

SUSE CVE
added 2025/09/18 11:26 p.m., 4 views

SUSE CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVSS 3.7, AI score 6.8, EPSS 0.00271
Exploits 0, References 5

Vulnrichment
added 2025/09/18 9:21 a.m., 3 views

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVSS 3.7, AI score 6.3, EPSS 0.00271
Exploits 0, References 1

Debian CVE
added 2025/09/18 9:21 a.m., 5 views

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVSS 3.7, AI score 5.2, EPSS 0.00271
Exploits 0

Cvelist
added 2025/09/18 9:21 a.m., 8 views

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVSS 3.7, EPSS 0.00271
Exploits 0, References 1

CVE
added 2025/09/18 9:21 a.m., 21 views

CVE-2025-30187

DNSdist is vulnerable when configured to use the nghttp2 library to process DoH queries. The issue is an unbounded I/O read loop in the DoH path that can cause CPU resource exhaustion (DoS). Affected code appears post-1.9.0-alpha1; various advisories recommend upgrading DNSdist to fixed releases....

CVSS 3.7, AI score 6.3, EPSS 0.00271
Exploits 0, References 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2020-16845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. CVE-2020-16845 Note...

CVSS 7.5, AI score 6.8, EPSS 0.0473
Exploits 0, References 3