Lucene search
K

4226 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-9375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to...

8.9CVSS7AI score0.00622EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 7:53 p.m.16 views

CVE-2026-49337

CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.7 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:16 p.m.15 views

DEBIAN-CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS6.3AI score0.00304EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/19 6:45 p.m.6 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS7.5AI score0.00304EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/19 6:45 p.m.18 views

CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:45 p.m.4 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS7.5AI score0.00304EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 6:45 p.m.25 views

CVE-2026-9375

urllib3 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API when Brotli is enabled and preload_content is False. Three code paths in response.py bypass the max_length protection added in 2.6.0 to mitigate CVE-2025-66471: (1) negative max_length can result from buffer arithmeti...

7.5CVSS7.5AI score0.00304EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.10 views

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

9.8CVSS0.00549EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.13 views

CVE-2026-48138

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions...

8.7CVSS0.00343EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:16 p.m.21 views

CVE-2026-48138

CVE-2026-48138 affects NI’s grpc-device streaming API and is an out-of-bounds read caused by a missing bounds check. Affected versions are NI grpc-device 2.17.0 and earlier. The vulnerability can lead to denial of service when an attacker sends a specially crafted write request. Exploitation deta...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:16 p.m.31 views

CVE-2026-48138 Out-of-bounds read vulnerability in the NI grpc-device streaming API

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions...

8.7CVSS0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:5 p.m.29 views

CVE-2026-48137 Untrusted pointer dereference in NI grpc-device sideband streaming API

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

9.3CVSS0.00549EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Buffers are returned if streaming fails to start due to a uvcpmget error. This bug may be responsible for the warning I received when running: while :; do yavta -c3...

7.8CVSS5.7AI score0.00128EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Wireshark

RTSP protocol dissector crashes in Wireshark versions 4.6.0 to 4.6.4...

5.5CVSS5.8AI score0.00124EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fixed streaming cleanup upon release. The current implementation mxcisivideocleanupstreaming in mxcisivideorelease. This can lead to situations where any release call such as from a simple v4l2-ctl -l may...

5.7AI score0.00166EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...

6.2AI score0.00182EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is necessary to return the received buffers if streaming cannot be started. For example, mediapipelinestart may fail with an EPIPE error if a link validation...

5.2AI score0.00216EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: vsp1: Replace vb2isstreaming with vb2startstreamingcalled. The vsp1 driver uses the vb2isstreaming function in its .bufqueue handler to check whether the .startstreaming operation has been called. It then decides whether t...

5.5CVSS5.6AI score0.0015EPSS
Exploits0References2
Rows per page
Query Builder