38132 matches found
PT-2026-39089
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The usb control msg, usb bulk msg, and usb interrupt msg APIs in usbcore allow unlimited timeout durations. Because these APIs utilize uninterruptible waits, a task can be hung...
PT-2026-39072
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero exception occurs in the tipc sk filter connect function. A user can set the conn timeout variable to a value between 0 and 3 using setsockoptTIPC CONN TIMEOUT. When a SY...
UBUNTU-CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token wi...
kernel: out-of-bound read in memcpy_fromiovecend()
A flaw was found in the Linux kernel that allows the userspace to call memcpyfromiovecend and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814
CVE-2026-33814 describes an infinite loop in HTTP/2 transport when a SETTINGS_MAX_FRAME_SIZE value of 0 is processed in net/http/internal/http2 (golang.org/x/net). Affected component is the HTTP/2 transport; root cause is improper handling of SETTINGS frames causing repeated CONTINUATION frames, ...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
EUVD-2026-28420
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...
Infinite loop
Overview golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go. Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receiv...
CVE-2026-41904
creationtimestamp| type| source ---|---|--- 2026-05-07 19:21:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbwrjfhau2r...
Denial Of Service (DoS)
brace-expansion is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...
NPM: Compromised version of intercom-client published to npm
NPM: Compromised version of intercom-client published to npm vulnerability discovered by ? in WordPress Npm intercom-client versions 7.0.4...
kernel: out-of-bound read in memcpy_fromiovecend()
A flaw was found in the Linux kernel that allows the userspace to call memcpyfromiovecend and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid...
kernel: out-of-bound read in memcpy_fromiovecend()
A flaw was found in the Linux kernel that allows the userspace to call memcpyfromiovecend and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid...