5668 matches found
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Missing Release of Memory after Effective Lifetime
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...
SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-2026:0972-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0972-1 advisory. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption...
Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...
Rails Active Support has a possible DoS vulnerability in its number helpers
Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...
CVE-2026-33123 pypdf has inefficient decoding of array-based streams
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...
GHSA-PP9R-XG4C-8J4X Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing
Summary Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely large payloads, leading to service crashes and...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: grafana-pcp (UTSA-2026-006197)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006197 advisory. The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the...
CVE-2026-2581 undici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS
This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...
CVE-2026-2581
This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...
CVE-2026-2581
Undici (deduplication interceptor) is affected by CVE-2026-2581: when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers, especially with large or chunked responses and concurrent identical requests, causing high m...
SUSE: Security Advisory (SUSE-SU-2026:20578-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2026:0840-1 Security update for grpc
This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS bsc1214148...
NewStart CGSL MAIN 6.06 (SP) : chrony Multiple Vulnerabilities (NS-SA-2026-0009)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has chrony packages installed that are affected by multiple vulnerabilities: - chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers t...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
SUSE-SU-2026:20651-1 Security update for docker
This update for docker fixes the following issues: - CVE-2025-58181: an invalid number of mechanisms may cause unbounded memory consumption bcs1253904...
SUSE SLED15: docker / docker-bash-completion / docker-buildx / etc (SUSE-SU-2026:0666-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0666-1 advisory. - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded...