236 matches found
Important: Red Hat Security Advisory: python3.12 security update
An update for python3.12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
Linux Distros Unpatched Vulnerability : CVE-2026-15308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontroll...
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
CVE-2026-15308
The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...
CVE-2026-59880
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...
CVE-2026-59094
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...
python27:2.7 security update
An update is available for python-backports-sslmatchhostname, python-ipaddress, python-markupsafe, module.python-chardet, module.python-pytest-mock, module.python-docs, python-pysocks, python-docutils, python-nose, module.python-markupsafe, module.python-dns, module.python-setuptoolsscm,...
Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...
CVE-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators
Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...
CVE-2026-42245
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...
GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...
UBUNTU-CVE-2026-33983
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...
CVE-2025-66453
CVE-2025-66453 — Rhino (JavaScript engine) : Multiple IBM/IBM-linked advisories confirm Rhino, used in products such as MongoDB Enterprise Advanced (IBM), FileNet Content Manager, IBM Maximo MAS, and IBM webMethods BPM, is affected. Prior to Rhino versions 1.8.1, 1.7.15.1, and 1.7.14.1, passing a...
TencentOS Server 3: python27 (TSSA-2023:0113)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0113 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Siemens SIMATIC S7-1500 Inefficient Algorithmic Complexity (CVE-2022-45061)
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
EUVD-2020-13008
Malware in sbrugna...
EUVD-2024-38073
Malicious code in bioql PyPI...
EUVD-2022-47983
Malicious code in bioql PyPI...