40 matches found
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...
RLSA-2026:25057 Important: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...
CVE‑2026‑49975 – HTTP/2 Denial of Service Vulnerability
Status: EPMM unaffected Summary: CVE‑2026‑49975 is a denial‑of‑service DoS vulnerability affecting HTTP/2 implementations in several web servers. The issue allows an unauthenticated attacker to exhaust server memory using specially crafted HTTP/2 requests. EPMM / Sentry rely on Apache Tomcat for...
freerdp security update
An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...
DEBIAN-CVE-2026-40394
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to a Denial Of Service DoS. The vulnerability is due to a re-entry bug in the JwksFetcherImpl during failed remote JWKS fetching with multiple JWT tokens, which allows an attacker to trigger a crash by sending crafted requests that cause overlapping fetch...
CVE-2019-25588 BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...
EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2026-1136)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...
CVE-2025-65563
CVE-2025-65563 affects omec-project UPF (upf-epc/pfcpiface). A NULL pointer dereference occurs in the association setup handler when a PFCP Association Setup Request omits the mandatory NodeID Information Element, causing a panic and UPF process termination. An attacker able to send PFCP Associat...
EUVD-2017-11514
Malware in sbrugna...
EUVD-2020-1944
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-27291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have...
CVE-2025-47279
CVE-2025-47279 — Undici (Node.js HTTP/1.1 client) : A memory leak can occur in webhook-like usage when an attacker runs a server with an invalid TLS certificate and forces repeated webhook calls. The issue is fixed in Undici versions 5.29.0, 6.21.2, and 7.5.0. As a workaround, avoid calling a web...
Amazon Linux 2 : docker (ALASDOCKER-2025-060)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-060 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Rea...
CVE-2023-34328
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34328
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34328
CVE-2023-34328 relates to Xen where a PV vCPU can place a breakpoint over the live GDT, potentially locking up the CPU. This is described in the CNA as a Xen/AMD x86 debugging state handling issue that can lead to a denial of service. The entry references XSA-156 and CVE-2015-8104 as related cont...