Lucene search
K

110 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in...

8.7CVSS5.9AI score0.00353EPSS
Exploits1References3
OSV
OSV
added 2026/01/05 10:15 p.m.12 views

AZL-73517 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

7.5CVSS6.4AI score0.00487EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/05 10:15 p.m.5 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

7.5CVSS6.9AI score0.00487EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/02 6:28 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview brotlicffi is a Python CFFI bindings to the Brotli library Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing limits on decompressed output size in the Decompressor.decompress and Decompressor.process methods. These...

7.1CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2025/11/26 3:52 p.m.2 views

SUSE-SU-2025:4264-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440 - CVE-2025-24294: Fixed denial...

8.7CVSS7AI score0.01429EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2025/07/14 4:17 a.m.4 views

CVE-2025-24294

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

7.5CVSS5.9AI score0.00539EPSS
Exploits0References4
OSV
OSV
added 2025/07/12 4:15 a.m.2 views

UBUNTU-CVE-2025-24294

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/12 12:0 a.m.3 views

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby, which stems from insufficient checking of the length of decompressed domain names in DNS packets, which could lead to a...

7.5CVSS6.3AI score0.00539EPSS
Exploits0References2
OSV
OSV
added 2025/06/27 1:16 p.m.5 views

OESA-2025-1687 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used lar...

4.3CVSS7AI score0.01956EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.5 views

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...

7.5CVSS7.4AI score0.05651EPSS
Exploits0References5
Snyk
Snyk
added 2025/04/09 7:42 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the LoadArchiveFiles function in archive.go. An attacker can disrupt service by supplying an archive whose decompressed size is very large. Remediation Upgrade...

7.1CVSS7AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/11/10 3:49 a.m.3 views

SUSE CVE-2024-50247

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNTCHUNKSIZE bytes and a index out of bounds will occur in smaxoff...

3.3CVSS7.7AI score0.0022EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/08/17 12:0 a.m.26 views

Amazon Linux 2 : containerd (ALASDOCKER-2024-041)

The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-041 advisory. 2024-08-27: CVE-2024-24790 was added to this advisory. 2024-08-14: CVE-2023-47108 was removed from this advisory...

9.8CVSS7.1AI score0.01956EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.27 views

Amazon Linux 2023 : nerdctl (ALAS2023-2024-700)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-700 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

7.5CVSS7.7AI score0.91969EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2024/05/14 12:0 a.m.31 views

Rocky Linux 9 : skopeo (RLSA-2024:2549)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2549 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshalin...

7.5CVSS7.1AI score0.01956EPSS
Exploits0References4
NVD
NVD
added 2024/04/25 6:15 p.m.20 views

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

4.3CVSS4.4AI score0.00491EPSS
Exploits0References2
CVE
CVE
added 2024/04/25 5:46 p.m.120 views

CVE-2024-3508

CVE-2024-3508 concerns Bombastic: authenticated users can upload compressed (bzip2 or zstd) SBOMs via the API, with verification that requires decompression of the uploaded file first. The vulnerability centers on the upload endpoint and its handling of compressed content, enabling a partial impa...

4.3CVSS6.4AI score0.00491EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2024/04/09 8:21 a.m.84 views

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

4.3CVSS6.9AI score0.00491EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/03/30 12:0 a.m.24 views

Fedora 38 : prometheus-podman-exporter (2024-45f0a1df95)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-45f0a1df95 advisory. release v1.11.0 ---- release v1.10.1 ---- release v1.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory...

4.3CVSS7AI score0.01956EPSS
Exploits0References2
Veracode
Veracode
added 2024/03/11 6:2 a.m.27 views

Denial Of Service (DoS)

JWX is vulnerable to Denial of Service DoS. The vulnerability is caused due improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service DoS condition by consuming excessive memory...

6.8CVSS6.5AI score0.0057EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder