Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/07/06 10:43 p.m.5 views

CVE-2026-11586

A flaw was found in curl. A malicious server can exploit this vulnerability by sending rapid, sequential WebSocket PING messages. Due to a lack of an upper bound on memory allocation for unacknowledged frames, curl can be forced to exhaust all available memory, leading to a denial of service...

7.5CVSS5.8AI score0.0086EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of an upper bound on memory allocation for unacknowledged WebSocket PING frames. An attacker can cause memory exhaustion by sending a rapid sequence of PING messages from a malicious server. Details...

8.7CVSS6AI score0.0086EPSS
Exploits1References2
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS6AI score0.0086EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS0.0086EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:13 a.m.60 views

CVE-2026-11586

CVE-2026-11586 : curl is vulnerable to memory exhaustion via WebSocket PING handling. The description across sources states that curl automatically responds to WebSocket PING frames and lacks an upper bound on memory allocation for unacknowledged frames, enabling a malicious server to flood curl ...

7.5CVSS6AI score0.0086EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/03 6:13 a.m.7 views

EUVD-2026-41500

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

6AI score0.0086EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:13 a.m.5 views

CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS6AI score0.0086EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.4 views

UBUNTU-CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS5.9AI score0.0086EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.7 views

WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS5.8AI score0.0086EPSS
Exploits1References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.4 views

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

8.7CVSS5.9AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.2 views

Fedora 43 : cpp-httplib (2026-e76feaf213)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e76feaf213 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

8.7CVSS5.9AI score0.00179EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2015-0250

Malicious code in bioql PyPI...

5CVSS6.2AI score0.18812EPSS
Exploits0References34
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.10 views

RHEL 6 / 7 : httpd24-httpd (RHSA-2015:1666)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1666 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the wa...

5CVSS6.6AI score0.73327EPSS
Exploits0References11
F5 Networks
F5 Networks
added 2023/02/21 7:53 p.m.38 views

K17157: Apache HTTP server vulnerability CVE-2015-0228

Security Advisory Description The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade...

5CVSS6AI score0.18812EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.4 views

SUSE CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

5CVSS8.7AI score0.18812EPSS
Exploits0References4
Veracode
Veracode
added 2019/05/02 5:18 a.m.31 views

Denial Of Service (DoS)

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which...

5CVSS6.6AI score0.73327EPSS
Exploits0References42Affected Software1
Veracode
Veracode
added 2019/01/15 9:7 a.m.34 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service. The modlua httpd module improperly processed certain WebSocket Ping requests, allowing a remote attacker to cause the httpd child process to crash via a malicious WebSocket Ping request...

5CVSS8.7AI score0.18812EPSS
Exploits0References42Affected Software1
RedHat Linux
RedHat Linux
added 2015/08/24 3:56 p.m.96 views

Moderate: Red Hat Security Advisory: httpd24-httpd security update

Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

5CVSS6.7AI score0.73327EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.36 views

Amazon Linux AMI : httpd24 (ALAS-2015-579)

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. CVE-2015-3185...

5CVSS6.3AI score0.73327EPSS
Exploits0References5
Amazon
Amazon
added 2015/08/17 12:0 a.m.68 views

Medium: httpd24

Issue Overview: It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

5CVSS7.1AI score0.73327EPSS
Exploits0
Rows per page
Query Builder