6 matches found
CVE-2026-6409
A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...
Astra Linux – Vulnerability in jsoup
jsoup is a Java library for working with HTML. Users of jsoup versions prior to 1.14.2 who parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may provide content that causes the parser to become stuck loop indefinitely until...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2026-1336)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the...
PT-2026-33338
Name of the Vulnerable Software and Affected Versions Protobuf PHP versions prior to 5.34.0-RC1 Protobuf PHP versions prior to 4.33.6 Description A Denial of Service DoS issue exists during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative...
CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
AZL-36945 CVE-2021-37714 affecting package jsoup 1.11.3-4
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...