5669 matches found
CVE-2026-57220
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...
CVE-2026-12590
A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...
OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
CVE-2026-54270
A flaw was found in protobufjs. This library compiles protobuf definitions into JavaScript JS functions. A remote attacker could send a specially crafted protobuf payload containing numerous unknown fields. This could cause the decoded message to retain substantially more memory than expected,...
gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification
A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...
CVE-2026-46602
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
OESA-2026-2727 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear...
CVE-2026-9071
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
SUSE SLES15 Security Update : kubevirt (SUSE-SU-2026:2400-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2400-1 advisory. Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms wit...
SUSE SLES15 Security Update : kubevirt-1.6 (SUSE-SU-2026:2401-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2401-1 advisory. This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: -...
GO-2026-5062 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
Security update for kubevirt-1.6
This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent:...
SUSE-SU-2026:2401-1 Security update for kubevirt-1.6
This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent...
Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent: clien...
SUSE-SU-2026:2400-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent:...
PT-2026-48924
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
CVE-2026-10725 Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb
Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...