SUSE CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the vvdecpushdata2 function of the HEIF File Parser component. An attacker can cause an out-of-bounds read by manipulating the size argument during local exploitation. Remediation A fix was pushed into the master...

CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

CVE-2026-23835

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

LobeHub security vulnerability

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 1.143.3 contained security vulnerabilities. These vulnerabilities stemmed from the file upload feature not verifying the integrity of requests and allowing manipulation of the file size parameter...

PT-2026-1528

Name of the Vulnerable Software and Affected Versions versions prior to 2025 Description A memory corruption issue exists when handling buffer mapping operations within the cryptographic driver. The issue involves a flaw in how the driver manages memory, potentially leading to crashes or unexpect...

EUVD-2016-7098

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-9511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The...

CVE-2024-12650

An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications...

Synology DSM HTTP/2 Implementations Window Size and Stream Prioritization Manipulation (CVE-2019-9511)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

Oracle Linux 8 : bind9.16 (ELSA-2023-4100)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4100 advisory. 32:9.16.23-14.1 - Improve RBT overmem cache cleaning CVE-2023-2828 Tenable has extracted the preceding description block directly from the Oracle Linux security...

SUSE CVE-2019-9511

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

CVE-2021-26635

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code...

Stack overflow

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code...

EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-1101)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...

EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-2372)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2019:2232-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision

Summary Multiple vulnerabilities CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513 in nginx Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The...

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...