128 matches found
AZL-71563 CVE-2025-65637 affecting package cni-plugins for versions less than 1.3.0-10
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
AZL-71534 CVE-2025-65637 affecting package influxdb for versions less than 2.7.5-10
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
DEBIAN-CVE-2025-65637
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
Logrus 安全漏洞
Logrus is a logging library for Go by the individual developer Simon Eskildsen. A security vulnerability exists in Logrus versions prior to 1.8.3, 1.9.0, and 1.9.2, which stems from a denial of service that can be caused by logging a single line with a payload greater than 64KB...
CVE-2025-65637
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
SpiceDB WriteRelationships fails silently if payload is too big
Impact Users who 1. use the exclusion operator somewhere in their authorization schema 1. have configured their SpiceDB server such that --write-relationships-max-updates-per-call is bigger than 6500 1. issue calls to WriteRelationships with a large enough number of updates that cause the payload...
GHSA-PM3X-JRHH-QCR7 SpiceDB WriteRelationships fails silently if payload is too big
Impact Users who 1. use the exclusion operator somewhere in their authorization schema 1. have configured their SpiceDB server such that --write-relationships-max-updates-per-call is bigger than 6500 1. issue calls to WriteRelationships with a large enough number of updates that cause the payload...
CVE-2025-64529
SpiceDB prior to v1.45.2 is affected when the exclusion operator is used and a per-call payload is large due to --write-relationships-max-updates-per-call > 6500. In this scenario, WriteRelationships can return success for a failed operation and produce incorrect permission results if the affe...
EUVD-2018-0299
Malware in sbrugna...
CVE-2022-50345
CVE-2022-50345 refers to a Linux kernel NFSD issue affecting NFSv3 READ, where the send buffer overflow risk stems from how NFSD tallies RPC pages for request/response. Multiple vendor advisories (e.g., ALAS2KERNEL-5.15-2025-090 and ALAS2KERNEL-5.10-2025-106) indicate the vulnerability has been r...
CVE-2025-59328
CVE-2025-59328 describes a DoS vulnerability in the Apache Fory library caused by insecure deserialization of untrusted data. A remote attacker can submit a large, crafted payload that, when deserialized, fuels high CPU usage, leading to CPU exhaustion and unresponsiveness of the affected applica...
CVE-2025-58754
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
CVE-2025-58754
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
Axios is vulnerable to DoS attack through lack of data size check
Summary When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path ignores maxContentLength / maxBodyLength which only protect HTTP...
CVE-2024-47212
An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...
CVE-2024-47212
An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...
CVE-2024-47212
An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...
Discourse: Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion
A Denial of Service DoS vulnerability was identified in the reply section of the web application. Submitting an excessively large markup payload approximately 800,000 characters resulted in the server taking 30 seconds to respond before returning an HTTP/2 502 Bad Gateway error, indicating...
GHSA-FFH5-W482-C7M5 InvokeAI Uncontrolled Resource Consumption vulnerability
A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...