Lucene search
K

33 matches found

Snyk
Snyk
added 2026/05/26 11:8 p.m.7 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 11:8 p.m.7 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 11:8 p.m.6 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/26 11:8 p.m.20 views

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:5 p.m.3 views

Security Bulletin: Vulnerability in brotli affects IBM Netezza Appliance

Summary The brotli package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-6176 Vulnerability Details CVEID:CVE-2025-6176 DESCRIPTION: Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli...

7.5CVSS5.3AI score0.00509EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS 2.0 SP11 : brotli (EulerOS-SA-2026-1571)

According to the versions of the brotli package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/10 6:32 p.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/10 9:11 a.m.4 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/10 9:6 a.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/10 7:49 a.m.12 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/09 2:38 a.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/09 2:21 a.m.3 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/09 1:39 a.m.5 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 9:50 a.m.4 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
OSV
OSV
added 2026/02/04 5:48 p.m.3 views

GHSA-49MX-FJ45-Q3P6 n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

7.7CVSS5.9AI score0.00364EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/04 5:48 p.m.9 views

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

7.7CVSS5.9AI score0.00364EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-6357

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

7.7CVSS6AI score0.00364EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/20 12:13 p.m.2 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

EulerOS 2.0 SP12 : brotli (EulerOS-SA-2026-1083)

According to the versions of the brotli package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The...

7.5CVSS7.2AI score0.00509EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

EulerOS 2.0 SP10 : brotli (EulerOS-SA-2026-1020)

According to the versions of the brotli package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The...

7.5CVSS7.2AI score0.00509EPSS
Exploits0References2
Rows per page
Query Builder