20568 matches found
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...
Denial of Service (DoS)
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
Inefficient Algorithmic Complexity
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
UBUNTU-CVE-2026-34827
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...
mysql: Optimizer unspecified vulnerability (CPU Jan 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network...
mysql:8.4 security update
An update is available for mecab-ipadic, module.mecab-ipadic, module.mysql, module.mecab, mysql, mecab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is ...
CVE-2026-34043
A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3
Summary The urllib3 library is used by IBM Cloud Pak for Data System 1.0 to provide HTTP client functionality for Python applications. Multiple vulnerabilities affect urllib3. CVE-2025-66418 involves allocation of resources without limits or throttling. CVE-2025-66471 and CVE-2026-21441 both rela...
Important: bind
Issue Overview: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...
Important: bind
Issue Overview: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...
Amazon Linux 2 : bind, --advisory ALAS2-2026-3226 (ALAS-2026-3226)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3226 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1533)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1533 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there...
Updated zlib packages fix security vulnerability
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...
MGASA-2026-0076 Updated zlib packages fix security vulnerability
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...
DEBIAN-CVE-2026-34043
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...
CVE-2026-34043
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...
CVE-2026-34043
CVE-2026-34043 affects the Node.js module serialize-javascript. The vulnerability causes a DoS via CPU exhaustion when serializing a specially crafted array-like object with a very large length, leading to a 100% CPU loop and hang. This is fixed in version 7.0.5; affected deployments should upgra...
CVE-2026-34043
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service DoS vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object an object that inherits from Array.prototype but ha...
UBUNTU-CVE-2026-33983
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...