Lucene search
+L

86 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43643

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS6.2AI score0.00305EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago25 views

CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS0.00305EPSS
Exploits0References4
CVE
CVE
added 5 days ago8 views

CVE-2026-58229

The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

EEF-CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Summary Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode\headers/5 and Mint.HTTP1.decode\trailer\headers/4 functions in lib/mint/http1.ex accumulate every...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
OSV
OSV
added 5 days ago4 views

CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References9
OSV
OSV
added 2026/07/07 9:17 p.m.5 views

DEBIAN-CVE-2026-58472

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.20 views

CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 2:15 p.m.39 views

CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS0.00384EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.10 views

CVE-2026-47077

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/25 2:0 p.m.12 views

EUVD-2026-31688

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References4
OSV
OSV
added 2026/05/25 2:0 p.m.7 views

EEF-CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Summary Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney\h3:await\response\loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every...

8.2CVSS6.2AI score0.00703EPSS
Exploits1References4
OSV
OSV
added 2026/05/25 2:0 p.m.7 views

CVE-2026-47077 Unbounded body accumulation in HTTP/3 response loop in hackney

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS6.1AI score0.00703EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...

7.5CVSS6.6AI score0.02293EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/01 1:56 p.m.11 views

EUVD-2026-26513

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use checkaddoverflow to prevent u16 DACL size overflow setposixaclentriesdacl and setntacldacl accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causin...

5.8AI score0.00117EPSS
Exploits0References5
CVE
CVE
added 2026/05/01 1:56 p.m.30 views

CVE-2026-31704

CVE-2026-31704 affects the Linux kernel’s ksmbd ACL handling. The vulnerability arises when accumulating ACL entry sizes uses 16-bit counters (u16) in set_posix_acl_entries_dacl() and set_ntacl_dacl(), allowing wraparound past 65535 and causing pointer arithmetic on pndace to land within already-...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:56 p.m.6 views

CVE-2026-31704

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use checkaddoverflow to prevent u16 DACL size overflow setposixaclentriesdacl and setntacldacl accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causin...

5.8AI score0.00117EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.6 views

PT-2026-36334

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the functions set posix acl entries dacl and set ntacl dacl accumulate Access Control Entry ACE sizes using u16 variables. When a file contains numerous POSIX ACL...

9.8CVSS6.2AI score0.00542EPSS
Exploits2References324
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.9 views

SUSE CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

7.5CVSS6AI score0.00371EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.7 views

Rigorous Security Proofs for Practical Quantum Key Distribution

This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution QKD protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...

5.4AI score
Exploits0
EUVD
EUVD
added 2026/04/22 3:31 p.m.12 views

EUVD-2026-24931

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

5.3CVSS6AI score0.00371EPSS
Exploits0References2
Rows per page
Query Builder