20 matches found
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
CVE-2026-40980
In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...
CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...
UBUNTU-CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....
Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞
Citrix NetScaler ADC and Citrix NetScaler Gateway are both products of the American company Citrix. Citrix NetScaler ADC is an application delivery and security platform. Citrix NetScaler Gateway is a solution for secure remote access. Both Citrix NetScaler ADC and Citrix NetScaler Gateway have...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
CLSA-2025-1746655592 grafana: Fix of CVE-2025-30204
CVE-2025-30204: update golang-jwt/jwt to v4.5.2 to prevent a vulnerability that could lead to excessive memory allocation when parsing untrusted JWT tokens using ParseUnverified...
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
...
OESA-2023-1822 skopeo security update
A command line utility that performs various operations on container images and image repositories Security Fixes: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data...
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...
Apache Avro Code Issue Vulnerability
Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A code issue vulnerability exists in Apache Avro Java SDK version 1.11.2 and prior versions, which stems from a reader that may...
OESA-2023-1596 binutils security update
The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols...
Apache Any23 Denial of Service Vulnerability
Apache Any23 is a library, web service, and command-line tool from the Apache Foundation USA. Apache Any23 suffers from a denial of service vulnerability due to a usage flaw in TikaEncodingDetector. An attacker could exploit this vulnerability to cause memory overuse...
Apache Any23 输入验证错误漏洞
Apache Any23 is a library, web service, and command-line tool from the Apache Foundation USA. Apache Any23 suffers from a denial of service vulnerability due to a usage flaw in TikaEncodingDetector. An attacker could exploit this vulnerability to cause memory overuse...
SUSE CVE-2018-20125
hw/rdma/vmw/pvrdmacmd.c in QEMU allows attackers to cause a denial of service NULL pointer dereference or excessive memory allocation in createcqring or createqprings...
CVE-2022-25231
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
Apache Avro 安全漏洞
Apache Avro is a data serialization system of the United States Apache Apache Foundation. It provides data serialization and data exchange services for Apache Hadoop. A security vulnerability exists in Apache Avro Rust SDK prior to version 0.14.0, which originates from consuming more memory than...
Red Hat OpenShift 资源管理错误漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. Red Hat OpenShift GitOps 1.5 suffers from a resource management error vulnerability that stems from vulnerability to uncontrolled...
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...
Medium: libxml2
Issue Overview: A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.CVE-2015-8242 A denial of service flaw w...