86 matches found
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...
GHSA-RCVQ-M9J9-6F4G @hapi/inert has a static-file confinement bypass via sibling-prefix path
Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the SquashFS archive handler due to uninitialized memory in the blockToNode array. An attacker can cause denial of service or potentially disclose heap information by providing a crafted SquashFS image...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ParseDepedencyExpression function of the UEFI firmware image parser when an attacker provides a specially crafted opcode value. An attacker can cause a denial of service or potentially disclose minor informatio...
GHSA-RXV8-25V2-QMQ8 React Router vulnerable to Denial of Service via reflected user input in single-fetch
A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...
Linux Distros Unpatched Vulnerability : CVE-2026-5245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...
Linux Distros Unpatched Vulnerability : CVE-2026-5246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...
JLSEC-2026-373
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...
JLSEC-2026-369 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function...
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...
JLSEC-2026-370 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
DEBIAN-CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
CVE-2026-6985
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...