Lucene search
K

2494 matches found

OSV
OSV
added 2026/06/23 12:59 p.m.7 views

JLSEC-2026-624 HTTP/2 client HPACK desynchronization via header blocks for unknown streams in HTTP.jl

Description The HTTP/2 client's processincomingframe! dropped HEADERS/CONTINUATION frames for stream ids absent from conn.streams without passing the header block through the connection's HPACK decoder. Because HPACK's dynamic table is connection-scoped and mutated as a side effect of decoding ea...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:59 p.m.6 views

JLSEC-2026-611 Unbounded HTTP/2 concurrent streams and Rapid Reset denial of service in HTTP.jl server

Description The HTTP.jl HTTP/2 server advertised an empty initial SETTINGS frame, leaving SETTINGSMAXCONCURRENTSTREAMS effectively unlimited, and the HEADERS code path allocated per-stream state, a send-window entry, and a Threads.@spawned handler with no check on the number of open streams...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51589

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References15
NVD
NVD
added 2026/06/22 9:16 p.m.8 views

CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

UBUNTU-CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 8:28 p.m.23 views

CVE-2026-49460 pypdf: Inefficient decoding of FlateDecode PNG predictor streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:10 p.m.4 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS5.9AI score0.00393EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.5 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 9:17 p.m.10 views

DEBIAN-CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Media streams API in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.6AI score0.015EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevents a hang during link training failure. Why When link training fails, the phy clock will be disabled. However, in “enablestreams”, it is assumed that link training was successful, and the mux selects the ph...

5.5CVSS6.1AI score0.00217EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

Before version 125.0.6422.141, the Streams API in Google Chrome allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00892EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in pypdf2

PyPDF2 is an open-source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5, an attacker who exploited this vulnerability could create a PDF that would cause an infinite loop if the PyPDF2 code attempted to access the...

6.2CVSS6AI score0.01317EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Poor management of ownership led to a “use-after-free” vulnerability in ReadableByteStreams. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

8.8CVSS7.3AI score0.00787EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in libgit2

A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...

9.8CVSS9.1AI score0.0511EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

6.9CVSS5.9AI score
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.9 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.6 views

netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/16 7:23 p.m.8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder