
10 matches found

RedHat Linux
added 2 days ago · 5 views

axios: Axios: Denial of Service due to unenforced request and response size limits

A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or...

CVSS 7.5 · AI score 5.8 · EPSS 0.0063
Exploits: 1 · References: 5

OSV
added 2026/05/05 9:57 p.m. · 7 views

GHSA-W2JH-77FQ-7GP8 OpAMP client reads unbounded HTTP response bodies

Summary When receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server i...

CVSS 5.9 · AI score 6 · EPSS 0.00311
Exploits: 0 · References: 5

CNNVD
added 2026/04/24 12:00 a.m. · 9 views

Axios security vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise from using responseType set to stream, causing Axios to return response streams without enforcing maxContentLength, thereby bypassing the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00421
Exploits: 1 · References: 1

CNNVD
added 2026/04/08 12:00 a.m. · 5 views

OpenTelemetry-Go security vulnerability

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go prior to 1.43.0 contained a security vulnerability; this vulnerability stemmed from the lack of restrictions on the size of the response body, which could lead to memory exhaustion...

CVSS 5.3 · AI score 5.8 · EPSS 0.0019
Exploits: 0 · References: 3

OSV
added 2026/03/16 3:30 p.m. · 2 views

GHSA-34G8-9FPP-46CH Mattermost fails to limit the size of responses from integration action endpoints

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

CVSS 5.3 · AI score 5.8 · EPSS 0.00165
Exploits: 0 · References: 4

NVD
added 2026/03/16 2:19 p.m. · 2 views

CVE-2026-2456

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

CVSS 5.7 · EPSS 0.00165
Exploits: 0 · References: 1

OSV
added 2026/03/16 2:19 p.m. · 4 views

CVE-2026-2456

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

CVSS 5.7 · AI score 5.9
Exploits: 0 · References: 1

SUSE CVE
added 2025/11/28 12:22 a.m. · 14 views

SUSE CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

CVSS 7.5 · AI score 6.8 · EPSS 0.00306
Exploits: 0 · References: 3

OSV
added 2025/11/26 10:39 p.m. · 6 views

CVE-2025-64334 Suricata is vulnerable to unbounded memory growth for decompression

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

CVSS 7.5 · AI score 6.7 · EPSS 0.00306
Exploits: 0 · References: 4

Positive Technologies
added 2023/06/20 12:00 a.m. · 4 views

PT-2023-20629 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when adding an external mail account, as the processing of SMTP "capabilities" responses is not limited to plausible sizes. An attacker...

CVSS 4.3 · AI score 4.4 · EPSS 0.01148
Exploits: 0 · References: 7