391 matches found
EUVD-2026-42203
The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application...
Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service
Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...
Linux Distros Unpatched Vulnerability : CVE-2026-53220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been...
CVE-2026-53317
CVE-2026-53317 concerns the Linux kernel wifi driver stack (mt76/mt7921). A station AID value greater than 20 could trigger a firmware crash on AP interfaces (IFTYPE_AP) when a modified hostapd allocates AIDs starting at a high value (65 in testing). The issue is mitigated by a fix that imposes a...
PT-2026-52956
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A firmware crash occurs in the mt7921 wifi driver when a station is configured with an Association Identifier AID greater than 20. This issue specifically affects IFTYPE AP interfaces an...
CVE-2026-53220
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
UBUNTU-CVE-2026-53220
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
EUVD-2026-39311
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
CVE-2026-53220
CVE-2026-53220 affects the Linux kernel netfilter bridge path. ebt_redirect_tg() dereferences br_port_get_rcu() without a NULL check when a bridge port has been removed between the original hook and an NFQUEUE reinject, potentially causing a local kernel panic. Attack surface includes scenarios w...
PT-2026-52315
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component where the ebt redirect tg function dereferences the return value of br port get rcu without a NULL check. This can lead to a kernel panic if a...
CURL-CVE-2026-11586 WS Auto-PONG memory exhaustion
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...
UBUNTU-CVE-2026-46330
In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...
CVE-2026-46330
In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...
DEBIAN-CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
UBUNTU-CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
EUVD-2026-34317
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
PT-2026-46314
Name of the Vulnerable Software and Affected Versions Open vSwitch version 3.6.90 Description A missing upper-bound check in the udpif set threads function allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can lead to a denial of...
CVE-2026-36499
Open vSwitch v3.6.90 contains a missing upper-bound check in udpif_set_threads(); with OVSDB write access, an attacker can request excessive handler/revalidation threads, causing DoS via resource exhaustion. Documented across NVD entries and vuln lists; exploitation status is not detailed in the ...
CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...