Lucene search
+L

1251 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 6:28 p.m.24 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:35 p.m.16 views

firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/19 12:4 p.m.13 views

CVE-2026-43970

A flaw was found in cowlib. This vulnerability, categorized as Improper Handling of Highly Compressed Data Data Amplification, allows an unauthenticated remote attacker to cause a denial of service DoS. By sending a specially crafted SPDY frame, the cowspdy:inflate/2 function in cowlib passes...

8.2CVSS5.8AI score0.00511EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 7:16 a.m.35 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS0.00464EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 5:0 a.m.12 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/19 5:0 a.m.56 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS0.00464EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 5:0 a.m.3 views

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

6.9CVSS5.9AI score0.00464EPSS
Exploits0References5
CVE
CVE
added 2026/05/19 5:0 a.m.37 views

CVE-2026-8814

CVE-2026-8814 affects the ExifReader library prior to version 4.39.0. The issue is an improper handling of highly compressed data (Data Amplification) that occurs when decompressing PNG zTXt metadata without a built-in maximum decompressed output size, which can cause a crafted PNG to materialize...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.94 views

MC-271325-DoS-PoC

Log amplification based denial for service for vanilla Minecra...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/19 2:12 a.m.119 views

MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-41832

Name of the Vulnerable Software and Affected Versions exifreader versions prior to 4.39.0 Description Improper handling of highly compressed data leads to data amplification when decompressing PNG zTXt metadata without enforcing a maximum decompressed output size. If asynchronous parsing is...

6.9CVSS5.8AI score0.00464EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory...

8.2CVSS5.9AI score0.00511EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 9:32 p.m.10 views

EUVD-2026-30131

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

8.2CVSS5.8AI score0.00511EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/13 6:43 p.m.27 views

CVE-2026-43970

Improper Handling of Highly Compressed Data Data Amplification vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

8.2CVSS5.8AI score0.00511EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/12 5:22 p.m.49 views

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

7.5CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 5:22 p.m.51 views

CVE-2026-44167

phpseclib contains a mitigation bypass for CVE-2024-27355 in the OID handling path (ASN1::decodeOID). Prior to versions 1.0.29, 2.0.54, and 3.0.52, loading untrusted ASN.1 data (e.g., X.509 certificates, RSA keys) could trigger a denial-of-service. The vulnerability is fixed in 1.0.29, 2.0.54, an...

7.5CVSS7.1AI score0.00569EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 5:22 p.m.19 views

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

7.5CVSS7.1AI score0.00569EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 5:22 p.m.2 views

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

7.5CVSS5.9AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/11 6:6 p.m.9 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.15 views

PT-2026-39731

Name of the Vulnerable Software and Affected Versions cowlib versions 0.6.0 through 2.16.0 Description An uncontrolled resource consumption issue in the cow http te module allows for excessive allocation. The chunked transfer-encoding parser accepts an unbounded number of hex digits in the...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References11
Rows per page
Query Builder