51 matches found
CVE-2026-44432
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
CVE-2024-39895
Directus is a real-time API and App dashboard for managing SQL database content. A denial of service DoS attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...
GO-2025-4155 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
EUVD-2018-18667
Malware in sbrugna...
EUVD-2019-16241
Malware in sbrugna...
EUVD-2023-57650
Malicious code in bioql PyPI...
CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...
EulerOS 2.0 SP13 : dhcp (EulerOS-SA-2025-1610)
According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An...
CVE-2019-6667
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX Financial Information eXchange profile applied...
CVE-2019-6661
When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources...
CVE-2024-10935
automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...
SUSE CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
Denial Of Service (DoS)
org.apache.tomcat, tomcat-catalina is vulnerable to Denial Of Service DoS. The vulnerability is due to excessive resource consumption in the examples web application, which allows an attacker to cause a denial of service...
CVE-2024-50354 Out-of-memory during deserialization with crafted inputs
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory...
USN-7067-1: HAProxy vulnerability
It was discovered that HAProxy did not properly limit the creation of new HTTP/2 streams. A remote attacker could possibly use this issue to cause HAProxy to consume excessive resources, leading to a denial of service...
Ubuntu 18.04 LTS : HAProxy vulnerability (USN-7067-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7067-1 advisory. It was discovered that HAProxy did not properly limit the creation of new HTTP/2 streams. A remote attacker could possibly use this issue to cause HAProxy to...
GHSA-7HMH-PFRP-VCX4 Directus GraphQL Field Duplication Denial of Service (DoS)
Summary A denial of service DoS attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...
Mattermost Denial of Service Vulnerability (CNVD-2023-9448711)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to limit the log size of server logs, which can be exploited by an attacker to consume excessive resources and cau...
Denial Of Service (DoS)
org.eclipse.parsson:parsson is vulnerable to Denial of Service DoS. An attacker is able to exploit this vulnerability by sending a specially crafted JSON document with large numbers, which would cause the parser to consume excessive resources leading to a Denial of Service...