24 matches found
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication (Len * 16 + digit), so parsi...
CVE-2026-33983 FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade detects a mismatch via progressive_rfx_quant_cmp_equal but only emits WLog_WARN; execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2023-5975:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5975:01 advisory. - python: int type in PyLong_FromString does not limit amount of digits converting text to int leading to DoS (CVE-2020-10735) - python: open redirection...
python39:3.9 and python39-devel:3.9 security update
An update is available for module.python-psutil, python-packaging, module.Cython, module.python-iniconfig, module.python-wcwidth, module.python-ply, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy, module.python-attrs, Cython,...
TencentOS Server 3: python38 and python38-devel (TSSA-2023:0112)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0112 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
RHEL 6 : ocaml-xml-light (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ocaml-xml-light: hash table collisions CPU usage DoS (CVE-2012-3514) Note that Nessus has not tested for this issue b...
RHEL 4 : apr (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apr: hash table collisions CPU usage DoS (CVE-2012-0840) Note that Nessus has not tested for this issue but has inste...
CVE-2023-44184 Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon mgd process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU...
CVE-2023-44184
The CVE-2023-44184 issue affects Juniper Networks Junos OS and Junos OS Evolved in the mgd (management daemon) component. A memory-buffer bound check violation allows a network-based, authenticated, low-privileged attacker to execute a specific NETCONF command that can cause CPU denial of service...
CVE-2022-46770
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255)...
Design/Logic Flaw
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources...
CVE-2021-21341
CVE-2021-21341 affects the XStream Java library (unmarshalling) prior to 1.4.16. The vulnerability enables a remote attacker to cause a denial-of-service by consuming 100% CPU time via manipulated input streams. Impact is described as CPU denial of service; no user impact if the recommended Secur...
CVE-2020-24606
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because...
Catastrophic backtracking in regex allows Denial of Service in Waitress
Impact: When waitress receives a header that contains invalid characters, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and blocking any other interactions. This would allow an attacker to send a single request with an invalid...
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444)
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic C...
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (important)
openSUSE Security Update: Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork Announcement ID: openSUSE-SU-2019:1444-1 Rating: important References: 1114209 1114832 1118897 1118898 1118899 1121397 1121967 1123013 1128376 1128746 1134068...
openSUSE: Security Advisory for containerd (openSUSE-SU-2019:0295-1)
The remote host is missing an update for the...
Security fix for the ALT Linux 10 package golang version 1.11.5-alt1
Jan. 24, 2019 Alexey Shabalin 1.11.5-alt1 - 1.11.5 - fixed CPU DoS vulnerability affecting P-521 and P-384 Fixes: CVE-2019-6486 - add ppc64le to goarches...
CVE-2018-1000654
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...
OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous...