SUSE CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

NewStart CGSL MAIN 6.06 : qemu Multiple Vulnerabilities (NS-SA-2025-0227)

The remote NewStart CGSL host, running version MAIN 6.06, has qemu packages installed that are affected by multiple vulnerabilities: - A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPIC...

NewStart CGSL MAIN 6.06 : ncurses Multiple Vulnerabilities (NS-SA-2025-0223)

The remote NewStart CGSL host, running version MAIN 6.06, has ncurses packages installed that are affected by multiple vulnerabilities: - In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

AlmaLinux 9 : python3.12 (ALSA-2025:15007)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:15007 advisory. cpython: Cpython infinite loop when parsing a tarfile CVE-2025-8194 Tenable has extracted the preceding description block directly from the AlmaLinux security...

CivetWeb 安全漏洞

CivetWeb is an easy-to-use, powerful, C/C++-embeddable web server from Civetweb open source with optional CGI, SSL and Lua support. A security vulnerability exists in CivetWeb that stems from the mghandleformrequest function entering an infinite loop when parsing a specially crafted HTTP POST...

PT-2025-39825

Name of the Vulnerable Software and Affected Versions CivetWeb versions prior to 1.08 Description A flaw in the mg handle form request function within the CivetWeb library can be exploited to cause a denial of service DoS condition. Sending a specially crafted HTTP POST request with a null byte i...

FreeBSD : quiche -- Infinite loop triggered by connection ID retirement (32bdeb94-9958-11f0-b6e2-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 32bdeb94-9958-11f0-b6e2-6805ca2fa271 advisory. Quiche Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...

kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

A use-after-free UAF vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC Hierarchical Fair Service Curve queuing discipline when it is used in conjunction with NETEM Network Emulation. A malicious user could...

kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

A use-after-free UAF vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC Hierarchical Fair Service Curve queuing discipline when it is used in conjunction with NETEM Network Emulation. A malicious user could...

kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

A use-after-free UAF vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC Hierarchical Fair Service Curve queuing discipline when it is used in conjunction with NETEM Network Emulation. A malicious user could...

kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

A use-after-free UAF vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC Hierarchical Fair Service Curve queuing discipline when it is used in conjunction with NETEM Network Emulation. A malicious user could...

kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

A use-after-free UAF vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC Hierarchical Fair Service Curve queuing discipline when it is used in conjunction with NETEM Network Emulation. A malicious user could...

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...

RHEL 8 : python3 (RHSA-2025:16262)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16262 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the nghttp2 process. An attacker can exhaust CPU resources by sending specially crafted DNS over HTTPS exchanges that trigger an unbounded I/O read loop. This is only exploitable if the system is configured to use the...

cpython: Cpython infinite loop when parsing a tarfile

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module...