Lucene search
+L

17 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 4:35 p.m.7 views

Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5CVSS5.8AI score0.0062EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/10 12:16 a.m.26 views

CVE-2026-40988

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 7:42 p.m.37 views

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS0.00296EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 7:42 p.m.11 views

EUVD-2026-33030

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 7:42 p.m.2 views

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS6AI score0.00296EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44511

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service through excessive allocation. An authenticated user can send a specially crafted compressed request payload that is...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2026/05/13 1:36 a.m.21 views

GHSA-87M7-QFFR-542V Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload

Summary A remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is...

8.6CVSS5.9AI score0.0038EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 9:31 p.m.8 views

EUVD-2026-15013

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 9:16 p.m.10 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 8:26 p.m.5 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/24 8:26 p.m.19 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS0.00405EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 8:26 p.m.7 views

CVE-2026-24158

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References4
CVE
CVE
added 2026/03/24 8:26 p.m.16 views

CVE-2026-24158

CVE-2026-24158 is documented in NVIDIA’s March 2026 Security Bulletin for the NVIDIA TRT (Triton Inference Server). The vulnerability exists in the HTTP endpoint where a large compressed payload can be used to cause a denial of service. The issue is addressed in Triton Inference Server updates, w...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27513

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/21 3:26 p.m.17 views

Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service DOS condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restorepreferences form. This leads to excessive memory consumption and potential system instability,...

8.7CVSS7AI score0.00534EPSS
Exploits0References6Affected Software1
Mageia
Mageia
added 2014/07/08 10:50 p.m.45 views

Updated liblzo packages fix CVE-2014-4607

Updated liblzo packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker CVE-2014-4607...

8.8CVSS9.3AI score0.05315EPSS
Exploits1References2
Rows per page
Query Builder