25 matches found
Denial-of-Service (DoS)
llamaindex.core is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to uncontrolled memory consumption in SimpleDirectoryReader, where all files in a directory are loaded into memory before enforcing the numfileslimit, allowing large directories to exhaust memory and degrade or cra...
GHSA-488G-HW5F-X29P llama-index-core vulnerable to Uncontrolled Resource Consumption
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
EUVD-2025-206599
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-39756
In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a very high value for example, 1073741816 as set by systemd, processes attempting to use file descriptors near the limit can trigger massi...
Ensure That the Number of Files That Can Be Opened by Users Is Correctly Configured
The number of files that can be opened in Linux is limited. Once the limit is reached by a user, other users can no longer open files. By default, openEuler limits the maximum number of file handles that can be opened by each user to 1024. If the value exceeds 1024, new file handles cannot be...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
Undertow vulnerability CVE-2024-1635 affects servers supporting the wildfly-http-client protocol. The issue arises during HTTP upgrade to remoting: WriteTimeoutStreamSinkConduit is not notified when a RemotingConnection is closed, causing timeout tasks to leak and accumulate, which leaks connecti...
Apache Commons FileUpload denial of service vulnerability
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
CVE-2022-33749
XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other trusted clients, and blocks XAPI from carrying out any tasks that require the opening of file...
CVE-2022-33749
CVE-2022-33749 affects Citrix XenServer / Citrix Hypervisor (Xen) components. The issue permits an unauthenticated attacker on the management network to trigger a denial-of-service by exhausting the XAPI file-descriptor limit, preventing new requests from trusted clients and blocking tasks requir...
CVE-2022-33749
XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other trusted clients, and blocks XAPI from carrying out any tasks that require the opening of file...
CVE-2022-33749
Removed by vendor...
CVE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...
CVE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...