Lucene search
K

185 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in protobuf

There is a denial-of-service DoS vulnerability in the google.protobuf.jsonformat.ParseDict function in Python. This vulnerability allows for bypassing the maximum recursion depth when parsing nested google.protobuf.Any messages. Due to the lack of recursion depth accounting within the internal...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.1 : protobuf (EulerOS-SA-2026-2032)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.32 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:49 a.m.15 views

EUVD-2026-33589

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44146

Description SymfonyComponentYamlParser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Wireshark

In Wireshark versions 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This issue was addressed in the epan/dissectors/packet-bacapp.c file by limiting the amount of recursion...

7.5CVSS7.4AI score0.03322EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 8:10 p.m.22 views

SQLFluff: Recursive Stack Overflow in Parser

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.1.0 and up contain ...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/19 8:10 p.m.11 views

GHSA-WMHF-FQC8-VXHH SQLFluff: Recursive Stack Overflow in Parser

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.1.0 and up contain ...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-42042

Name of the Vulnerable Software and Affected Versions SQLFluff versions prior to 4.1.0 Description In deployments where untrusted users can provide SQL queries to be linted, a malicious user can submit a query with excessive nesting. This triggers a Denial of Service through resource exhaustion i...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/08 11:12 p.m.14 views

eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

6.3CVSS6AI score0.00395EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/30 10:41 a.m.8 views

CLSA-2026-1777545655 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

7.8CVSS6.8AI score0.01864EPSS
Exploits10References1
OSV
OSV
added 2026/04/29 6:59 a.m.12 views

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

9.8CVSS7.3AI score0.0145EPSS
Exploits8References1
Hacker One
Hacker One
added 2026/04/20 6:36 a.m.13 views

curl: Stack exhaustion in MIME multipart reading with deeply nested subparts

Summary: The MIME read path uses mutually recursive helpers for nested multipart structures without enforcing a recursion depth limit. A sufficiently deep tree of nested curlmimesubparts objects causes stack exhaustion when libcurl starts reading the MIME body. The attached PoC builds a deeply...

5.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/16 9:9 p.m.8 views

ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

Impact Hot Chocolate's Utf8GraphQLParser is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a StackOverflowException on payloads as small as 40 KB. Because...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2026/03/24 3:39 p.m.10 views

CLSA-2026-1774366791 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial-of-service from nested multi-layer MVG-to-SVG conversions - debian/patches/CVE-2026-24484.patch: Throw VectorGraphicsNestedTooDeeply when vector-graphics nesting reaches MagickMaxRecursionDepth; fix crashes caused by unbounded nesting of graphic-context elements. -...

5.3CVSS7.2AI score0.00401EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/22 12:24 a.m.7 views

SUSE CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

6.5CVSS5.7AI score0.00128EPSS
Exploits0References17
EUVD
EUVD
added 2026/03/20 9:32 a.m.10 views

EUVD-2026-13612

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

5.6AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 9:16 a.m.7 views

CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

5.5CVSS0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 9:16 a.m.8 views

UBUNTU-CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/20 8:8 a.m.27 views

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

0.00128EPSS
Exploits0References4
Rows per page
Query Builder