477 matches found
UBUNTU-CVE-2025-46392
Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small number of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
PT-2025-20302 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP (affected versions not specified). Description: The issue occurs when a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, and undisclosed responses can cause an increase in memory resource utilization. Recommendations: A...
Do Not Enable the LDAP Service
Lightweight Directory Access Protocol (LDAP) is a protocol that provides access control and is used to maintain distributed directory information. The LDAP service increases system resource usage and expands the attack surface. If the LDAP service is not required, do not install the LDAP service. T...
Vulnerability of the nfp_cpp_area_cache_add() function in the drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c file – a driver for supporting Ethernet network adapters in the Linux operating system, which allows an attacker to cause a service failure.
Vulnerability of the nfp_cpp_area_cache_add() function in the drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c file – The Linux kernel’s Ethernet adapter support driver has a vulnerability related to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to caus...
The vulnerability of the command-line tool of the Zstandard data compression library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the command-line tool of the Zstandard data compression library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
cpython: python: Uncontrolled CPU resource consumption when in http.cookies module
A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...
The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in its uncontrolled resource consumption, which allows a malicious actor to trigger a service failure.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
expat: parsing large tokens can trigger a denial of service
A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...
Vulnerability of the acpi_processor_power_exit() function in the driver/acpi/processor_idle.c module – The ACPI support driver for the Linux kernel’s processor idle state provides a mechanism for allowing attackers to access protected information or cause system failures.
Vulnerability of the acpi_processor_power_exit() function in the driver/acpi/processor_idle.c module – The ACPI support driver for the Linux kernel involves unconstrained and unrestricted resource allocation. Exploiting this vulnerability could allow an attacker to access protected information or cause...
The vulnerability of the python-multipart streaming multi-component parser, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the python-multipart streaming multi-component parser is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
CVE-2024-7983
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...
CVE-2024-9840
...
Linux Distros Unpatched Vulnerability : CVE-2024-7592
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashe...
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...
CLSA-2025-1741126041 bind: Fix of CVE-2024-11187
CVE-2024-11187: fix excessive resource usage by limiting additional section processing and adjusting resolver tests...
Regular Expression Denial of Service (ReDoS)
Overview: cgi provides support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Util#escapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details: Denial of Service...
OESA-2025-1168 etcd security update
Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function (CVE-2021-28235). Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory (CVE-2022-3064). Etcd v3.5.4 allows remote...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind: bind9: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...