Lucene search
K

5668 matches found

RedHat Linux
RedHat Linux
added 2026/03/02 9:19 a.m.6 views

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.7AI score0.00638EPSS
Exploits1References5
OSV
OSV
added 2026/02/26 4:3 p.m.10 views

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

7.5CVSS5.8AI score0.01956EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/02/26 3:17 p.m.4 views

Security update for docker

This update for docker fixes the following issues: CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

6.9CVSS5.4AI score0.00533EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 3:17 p.m.3 views

SUSE-SU-2026:0666-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. bsc1253904...

5.3CVSS6.1AI score0.00533EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 2:58 p.m.5 views

CVE-2026-27888

A flaw was found in pypdf. A remote attacker can exploit this vulnerability by crafting a malicious PDF document. When a user processes this specially crafted PDF, it can lead to excessive memory consumption, resulting in a Denial of Service DoS for the affected system. This issue specifically...

8.7CVSS5.6AI score0.00348EPSS
Exploits1References7
Snyk
Snyk
added 2026/02/25 7:13 p.m.6 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via coders that handles raw pixel data output. An attacker can cause increased memory consumption and potential denial of service by repeatedly triggering image processing operations th...

7.5CVSS6AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:43 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS6AI score0.00501EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:33 a.m.6 views

Missing Release of Resource after Effective Lifetime

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:33 a.m.5 views

Missing Release of Resource after Effective Lifetime

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:33 a.m.7 views

Missing Release of Resource after Effective Lifetime

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.0036EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.6 views

openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory. - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 -...

9.1CVSS7AI score0.03153EPSS
Exploits5References28
OSV
OSV
added 2026/02/20 10:16 p.m.6 views

DEBIAN-CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

5.5CVSS5.4AI score0.00168EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/16 10:8 a.m.6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS5.7AI score0.00643EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/02/15 12:0 a.m.3 views

openSUSE 16 Security Update : kepler (openSUSE-SU-2026:20206-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20206-1 advisory. Update to version 0.11.3. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing...

5.3CVSS8.1AI score0.00502EPSS
Exploits1References6
OSV
OSV
added 2026/02/13 8:53 a.m.7 views

OPENSUSE-SU-2026:20206-1 Security update for kepler

This update for kepler fixes the following issues: Update to version 0.11.3. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251427. - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption...

5.3CVSS7AI score0.00502EPSS
Exploits1References4
NVD
NVD
added 2026/02/12 7:15 p.m.31 views

CVE-2026-21434

webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...

7.5CVSS0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 7:15 p.m.19 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS0.00366EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/12 3:28 p.m.20 views

webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule

Summary An attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation does not enforce the draft-mandated limit of 1024 bytes on this field, allowing ...

7.5CVSS6.1AI score0.00413EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/12 8:45 a.m.10 views

BIT-NGINX-INGRESS-CONTROLLER-2026-24514 ingress-nginx Admission Controller denial of service

A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the ingress-nginx...

6.5CVSS5.6AI score0.0046EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/02/12 12:38 a.m.5 views

SUSE CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.4AI score0.00638EPSS
Exploits1References14
Rows per page
Query Builder