24 matches found

RedhatCVE
added 2026/01/09 9:55 a.m. · 3 views

CVE-2020-12645

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption...

9.8 CVSS · 6.9 AI score · 0.0034 EPSS
Exploits 1 · References 1

OSV
added 2025/12/29 8:41 p.m. · 2 views

MGASA-2025-0334 Updated ruby-rack packages fix security vulnerabilities

Unbounded-Parameter DoS in Rack::QueryParser. (CVE-2025-46727) ReDoS Vulnerability in Rack::Multipart handle_mime_head. (CVE-2025-49007) Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters. (CVE-2025-59830) Rack's unbounded multipart preamble buffering...

8.7 CVSS · 6.8 AI score · 0.00808 EPSS
Exploits 0 · References 3

Ubuntu
added 2025/08/20 12:52 a.m. · 8 views

USN-7705-1: Tomcat vulnerabilities

It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701) Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly...

9.8 CVSS · 7.9 AI score · 0.84776 EPSS
Exploits 20

OSV
added 2025/07/25 2:16 p.m. · 4 views

CVE-2025-38426 drm/amdgpu: Add basic validation for RAS header

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header. If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields...

5.5 CVSS · 6.4 AI score · 0.00131 EPSS
Exploits 0 · References 7

OSV
added 2025/06/26 3:15 p.m. · 0 views

UBUNTU-CVE-2025-52887

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected...

7.5 CVSS · 5.6 AI score · 0.00542 EPSS
Exploits 1 · References 5

OSV
added 2025/05/20 3:58 p.m. · 4 views

CVE-2025-37943 wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi. In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields ...

7.8 CVSS · 6.4 AI score · 0.00075 EPSS
Exploits 0 · References 8

RedHat Linux
added 2024/01/10 11:36 a.m. · 4 views

golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

7.5 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits 0 · References 7

OSV
added 2023/10/18 4:43 a.m. · 0 views

USN-6436-1 frr vulnerabilities

It was discovered that the FRR did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-41358) It was discovered that the FRR did not properly manage memory when reading initial bytes of ORF header. A remote attacke...

9.1 CVSS · 6.8 AI score · 0.00404 EPSS
Exploits 0 · References 4

Amazon
added 2023/09/25 12:00 a.m. · 7 views

Important: golang

Issue Overview: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532) HTTP and MIME header...

9.8 CVSS · 8.3 AI score · 0.00759 EPSS
Exploits 0

Amazon
added 2023/08/21 12:00 a.m. · 1 view

Important: containerd

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723) Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct...

9.8 CVSS · 7.6 AI score · 0.00759 EPSS
Exploits 0

SUSE CVE
added 2023/02/15 3:36 a.m. · 1 view

SUSE CVE-2021-44541

A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination...

7.5 CVSS · 7.3 AI score · 0.00504 EPSS
Exploits 0 · References 5

RedHat Linux
added 2023/01/25 9:20 a.m. · 1 view

golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

7.5 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits 0 · References 7

OSV
added 2022/10/14 3:15 p.m. · 1 view

AZL-37526 CVE-2022-2879 affecting package golang for versions less than 1.21.6-1

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5 CVSS · 6.7 AI score · 0.00016 EPSS
Exploits 0 · References 1

OSV
added 2022/10/14 3:15 p.m. · 0 views

AZL-44091 CVE-2022-2879 affecting package podman for versions less than 5.6.1-2

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5 CVSS · 6.7 AI score · 0.00016 EPSS
Exploits 0 · References 1

OSV
added 2022/10/14 3:15 p.m. · 2 views

AZL-41901 CVE-2022-2879 affecting package containerized-data-importer for versions less than 1.57.0-3

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5 CVSS · 6.7 AI score · 0.00016 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/10/04 12:00 a.m. · 3 views

PT-2022-19238 · Ireader +9 · Reader +9

Name of the Vulnerable Software and Affected Versions: Reader affected versions not specified Description: The issue is related to the Reader.Read function not setting a limit on the maximum size of file headers. A maliciously crafted archive could cause Reader.Read to allocate unbounded amounts ...

9.8 CVSS · 7.1 AI score · 0.54214 EPSS
Exploits 15 · References 324

OSV
added 2022/01/01 5:15 a.m. · 2 views

AZL-43909 CVE-2021-44716 affecting package buildah 1.18.0-29

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5 CVSS · 6.6 AI score · 0.00088 EPSS
Exploits 0 · References 1

OSV
added 2021/12/23 8:15 p.m. · 0 views

DEBIAN-CVE-2021-44541

A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination...

7.5 CVSS · 7.2 AI score · 0.00504 EPSS
Exploits 0 · References 1

NVD
added 2021/12/23 8:15 p.m. · 14 views

CVE-2021-44541

A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination...

7.5 CVSS · 0.00504 EPSS
Exploits 0 · References 2

OSV
added 2021/12/23 8:15 p.m. · 1 view

ALPINE-CVE-2021-44541

A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination...

7.5 CVSS · 6.9 AI score · 0.00504 EPSS
Exploits 0 · References 1