Lucene search
K

16 matches found

SUSE CVE
SUSE CVE
added 2026/06/27 1:52 a.m.7 views

SUSE CVE-2026-54448

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 p.m.7 views

CVE-2026-54448

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:27 p.m.4 views

EUVD-2026-39479

Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52498

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.0 Description A security scanner issue occurs when processing Helm chart archives .tgz. The custom tar unpacker uses the io.ReadAlltr function without a size limit. An attacker can provide a specially crafted...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References13
OSV
OSV
added 2026/05/29 8:16 p.m.14 views

UBUNTU-CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/29 7:35 p.m.11 views

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

5.8AI score0.00353EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/21 8:35 p.m.18 views

Allocation of Resources Without Limits or Throttling

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AttachmentsService upload-by-URL path in the attachment handling code. An attacker can exhaust storage or processing resources by providing a remote fil...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/09 3:35 p.m.8 views

EUVD-2026-20914

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

5.9AI score0.00484EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/24 7:29 p.m.9 views

Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands

Summary Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achieves 15x memory amplification wire bytes to...

7.5CVSS5.9AI score0.0037EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/03/24 7:16 p.m.4 views

CVE-2026-29772

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

7.5CVSS0.0037EPSS
Exploits1References1
NVD
NVD
added 2026/03/06 7:16 a.m.10 views

CVE-2026-29049

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...

4.3CVSS0.00226EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

melange 代码问题漏洞

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange prior to 0.40.5 have code vulnerabilities. This vulnerability arises from the fact that the melange update-cache process downloads URIs in the build configuration using io.Copy without size limit...

4.3CVSS7.4AI score0.00226EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/11/04 5:6 p.m.3 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/03 8:18 p.m.3 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.34 views

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.7AI score0.73927EPSS
Exploits14References25
OSV
OSV
added 2018/06/07 12:29 p.m.4 views

CVE-2017-6779

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability occu...

7.5CVSS5.8AI score0.01984EPSS
Exploits0References1
Rows per page
Query Builder