13131 matches found
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decompression chain. An attacker can cause high CPU usage and excessive memory allocation by...
Allocation of Resources Without Limits or Throttling
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the decompression chain. An attacker can cause high CPU usage and excessive memory allocation by sending HTTP...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...
CVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
CVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
UBUNTU-CVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
CVE-2025-71138 drm/msm/dpu: Add missing NULL pointer check for pingpong interface
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpuencoderphyswbsetupctl, but in a single place the check is missing. Also use convenient locals instead of physenc- where availabl...
CVE-2025-71102 scs: fix a wrong parameter in __scs_magic
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
CVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
CVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
CVE-2025-71102
CVE-2025-71102 affects the Linux kernel with a bug in shadow call stack handling: __scs_magic() received a struct task_struct* instead of the required void*. This caused scs_check_usage to scan an incorrect memory range when CONFIG_DEBUG_STACK_USAGE is enabled, potentially yielding inaccurate sha...
CVE-2025-71102 scs: fix a wrong parameter in __scs_magic
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...
USN-7961-1 erlang vulnerability
It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...
USN-7961-1: Erlang vulnerability
It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...
kernel: can: j1939: implement NETDEV_UNREGISTER notification handler
A flaw was discovered in the J1939 protocol implementation in the Linux kernel. The NETDEVUNREGISTER notification handler was missing for undoing changes performed by j1939skbind. As a result, an extra reference remains on the j1939priv structure when unregistering a network device, preventing it...
Denial-of-Service (DoS)
Marshmallow is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to inefficient processing in Schema.loaddata, many=True, where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...
Ubuntu 24.04 LTS : Erlang vulnerability (USN-7961-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7961-1 advisory. It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this...