102 matches found
OESA-2026-2193 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...
OESA-2026-2192 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...
Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance
Summary The python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...
Security Bulletin: Vulnerability in platform-python affects IBM Netezza Appliance
Summary The platform-python package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-13836 DESCRIPTION: When reading an HTTP response from a server, if no read amount is specified, the default behavior wi...
CVE-2026-35405 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts...
AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
Summary For some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. Impact If an application uses Request.post an attacker can send a specially crafted multipart request to force significant temporary memory allocation even when the request is ultimate...
CVE-2026-33349
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...
Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754
Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...
CVE-2026-29112
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...
CVE-2026-20021
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service DoS condition. Thi...
nats-server websockets are vulnerable to pre-auth memory DoS
Impact The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which migh...
USN-8023-1 libxmltok vulnerabilities
It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. CVE-2026-24515 It was discovered that Expat, contained within the xmltok library,...
CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
Medium: python3.12
Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When reading an HTTP response from a server, i...
Unity Linux 20.1070e Security Update: activemq (UTSA-2025-993345)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993345 advisory. Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Axios (CVE-2025-58754)
Summary A vulnerability in Axios that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...
CVE-2025-61919
CVE-2025-61919 : Rack’s Rack::Request#POST reads the entire body into memory for application/x-www-form-urlencoded and can cause DoS via memory exhaustion in affected versions prior to 2.2.20, 3.1.18, and 3.2.3. The fix enforces form parameter limits (query_parser.bytesize_limit) and prevents unb...
Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
EUVD-2018-7348
Malware in sbrugna...
EUVD-2024-0902
Malicious code in bioql PyPI...