25 matches found

Cvelist
added 2026/05/20 1:9 p.m. · 35 views

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3 CVSS · 0.00024 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2026/01/20 12:0 a.m. · 1 views

MiracleLinux 7 : unbound-1.6.6-4.el7 (AXSA:2020-139:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-139:02 advisory. unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) unbound: infinite loop via malformed D...

7.5 CVSS · 5.6 AI score · 0.16136 EPSS
Exploits 0 · References 3
Snyk
added 2025/12/22 8:20 p.m. · 1 views

Asymmetric Resource Consumption (Amplification)

Overview: Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) via the Schema.load method of the error storage utility, when handling input with the many parameter set to True. An attacker can cause excessive CPU consumption by submitting a moderately...

6.9 CVSS · 6.5 AI score · 0.00106 EPSS
Exploits 0 · References 2
Github Security Blog
added 2025/12/05 6:18 p.m. · 5 views

Fulcio allocates excessive memory during token parsing

Function identity.extractIssuerURL currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request with an invalid OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs...

7.5 CVSS · 6.9 AI score · 0.00043 EPSS
Exploits 0 · References 4 · Affected Software 1
RedHat Linux
added 2025/11/19 8:10 p.m. · 1 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion...

7.5 CVSS · 6.3 AI score · 0.00102 EPSS
Exploits 1 · References 6
SUSE Linux
added 2025/10/22 12:12 p.m. · 2 views

Security update for expat

This update for expat fixes the following issues: CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input bsc1249584. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

8.2 CVSS · 7 AI score · 0.00102 EPSS
Exploits 1 · References 4
OSV
added 2025/10/22 12:0 p.m. · 0 views

SUSE-SU-2025:20868-1 Security update for expat

This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input bsc1249584...

7.5 CVSS · 6.3 AI score · 0.00102 EPSS
Exploits 1 · References 3
SUSE Linux
added 2025/10/16 7:59 p.m. · 2 views

Security update for expat

This update for expat fixes the following issues: CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input bsc1249584. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

8.2 CVSS · 6.9 AI score · 0.00102 EPSS
Exploits 1 · References 4
OSV
added 2025/10/16 7:59 p.m. · 1 views

SUSE-SU-2025:03624-1 Security update for expat

This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input bsc1249584...

7.5 CVSS · 6.9 AI score · 0.00102 EPSS
Exploits 1 · References 3
OpenVAS
added 2025/10/13 12:0 a.m. · 1 views

SUSE: Security Advisory (SUSE-SU-2025:03537-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 6.5 AI score · 0.00102 EPSS
Exploits 1 · References 4
OSV
added 2025/10/09 8:33 a.m. · 2 views

SUSE-SU-2025:03508-1 Security update for expat

This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input bsc1249584...

7.5 CVSS · 6.9 AI score · 0.00102 EPSS
Exploits 1 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-29479

Malicious code in bioql PyPI...

6.6 AI score
Exploits 0 · References 5
Snyk
added 2025/03/21 10:4 p.m. · 2 views

Asymmetric Resource Consumption (Amplification)

Overview: Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...

8.7 CVSS · 6.8 AI score · 0.00083 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/06/26 12:0 a.m. · 1 views

PT-2024-28048 · Softether · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEtherVPN versions prior to 5.02.5185 Description: The issue arises when SoftEtherVPN is deployed with L2TP enabled, allowing the host to be used for amplification/reflection traffic generation. This occurs because the program responds to...

5.3 CVSS · 6.9 AI score · 0.00097 EPSS
Exploits 0 · References 8
ThreatPost
added 2021/08/20 9:11 p.m. · 58 views

Web Censorship Systems Can Facilitate Massive DDoS Attacks

Researchers are warning that internet censorship systems are ripe for abuse by a new type of distributed denial of service (DDoS) attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be “extremely...

7 AI score
Exploits 0 · References 3
OSV
added 2020/11/27 6:15 p.m. · 1 views

CVE-2020-10772

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared t...

7.5 CVSS · 7.3 AI score
Exploits 0 · References 1
UbuntuCve
added 2020/11/27 6:15 p.m. · 27 views

CVE-2020-10772

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared t...

7.5 CVSS · 7.1 AI score · 0.00303 EPSS
Exploits 0 · References 1
RedHat Linux
added 2020/06/08 10:26 a.m. · 1 views

unbound: amplification of an incoming query into a large number of queries directed to a target

A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive...

7.5 CVSS · 7.2 AI score · 0.16136 EPSS
Exploits 0 · References 6
RedHat Linux
added 2020/06/08 10:18 a.m. · 1 views

unbound: amplification of an incoming query into a large number of queries directed to a target

A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive...

7.5 CVSS · 7.2 AI score · 0.16136 EPSS
Exploits 0 · References 6
OpenVAS
added 2020/01/23 12:0 a.m. · 32 views

Huawei EulerOS: Security Advisory for memcached (EulerOS-SA-2019-2631)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 9.4 AI score · 0.86753 EPSS
Exploits 4 · References 2