Lucene search
K

160 matches found

Vulnrichment
Vulnrichment
added 2026/04/09 2:44 p.m.5 views

CVE-2026-5438 Gzip Decompression Bomb via Content-Encoding Header

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

5.8AI score0.00484EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:44 p.m.4 views

CVE-2026-5438

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

5.9AI score0.00484EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/09 2:44 p.m.4 views

CVE-2026-5438

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

7.5CVSS5.3AI score0.00484EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompress...

7.5CVSS5.9AI score0.00484EPSS
Exploits0References3
Fedora
Fedora
added 2026/03/28 12:46 a.m.9 views

[SECURITY] Fedora 43 Update: suricata-7.0.15-1.fc43

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/03/28 12:19 a.m.8 views

[SECURITY] Fedora 44 Update: suricata-8.0.4-1.fc44

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.7 views

Fedora 43 : cpp-httplib (2026-c2049f7220)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c2049f7220 advisory. Update to 0.37.0 rhbz2441656 - Fixes Denial of Service via crafted HTTP POST request CVE-2026-29076, rhbz2445663 Update to 0.35.0 - Payload size lim...

7.5CVSS6AI score0.00602EPSS
Exploits4References5
Cvelist
Cvelist
added 2026/03/04 7:36 p.m.35 views

CVE-2026-28435 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::setpayloadmaxlength on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5CVSS0.00418EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 7:36 p.m.5 views

CVE-2026-28435 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::setpayloadmaxlength on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5CVSS5.6AI score0.00418EPSS
Exploits1References4
Fedora
Fedora
added 2025/11/17 2:59 a.m.18 views

[SECURITY] Fedora 42 Update: suricata-7.0.13-1.fc42

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC and SCALANCE Integer Overflow to Buffer Overflow (CVE-2025-0725)

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. This plugin only works with Tenable.ot. Please...

7.3CVSS6.8AI score0.01218EPSS
Exploits1References5
Fedora
Fedora
added 2025/10/25 9:19 p.m.9 views

[SECURITY] Fedora 43 Update: suricata-7.0.12-1.fc43

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

7.5CVSS6.9AI score0.00344EPSS
Exploits0
Fedora
Fedora
added 2025/10/19 2:39 a.m.7 views

[SECURITY] Fedora 42 Update: suricata-7.0.12-1.fc42

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

7.5CVSS6.9AI score0.00344EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2025-987462)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987462 advisory. When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, a...

7.3CVSS6.7AI score0.01218EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-1837

Malicious code in bioql PyPI...

7.3CVSS6.2AI score0.01218EPSS
Exploits1References9
Fedora
Fedora
added 2025/08/21 12:55 a.m.8 views

[SECURITY] Fedora 42 Update: suricata-7.0.11-1.fc42

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

7.5CVSS6.9AI score0.00432EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/08/01 5:42 p.m.3 views

jetty-server: Jetty: Gzip Request Body Buffer Corruption

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

7.2CVSS7.1AI score0.00453EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2025/05/14 6:19 a.m.15 views

K000151312: cURL vulnerability CVE-2025-0725

Security Advisory Description When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. CVE-2025-0725...

7.3CVSS6.7AI score0.01218EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/05/13 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-1502)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3CVSS7.5AI score0.01218EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/05/12 12:0 a.m.6 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-1503)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPTACCEPTENCODING option,using zlib...

7.3CVSS6.8AI score0.01218EPSS
Exploits1References2
Rows per page
Query Builder