18 matches found
SUSE SLES12 Security Update : bind (SUSE-SU-2026:1229-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1229-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Tenable has extracted the preceding...
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Impact: Active Storage’s proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability...
EulerOS 2.0 SP12 : python-urllib3 (EulerOS-SA-2026-1409)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...
Infinite loop
Overview: Affected versions of this package are vulnerable to Infinite loop through the DWARF parsing process. An attacker can cause the application to enter an infinite output loop by providing a specially crafted binary with malformed DWARF loclists data, resulting in excessive CPU and I/O...
GnuTLS security vulnerability
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability that stems from excessive CPU and memory consumption when processing specially crafted malicious certificates, whi...
OESA-2026-1286 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...
CVE-2025-66453 Rhino vulnerable to high CPU usage and potential DoS when passing specific numbers to the toFixed() function
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...
EUVD-2025-201013
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...
GHSA-8MVJ-3J78-4QMW jsPDF Denial of Service (DoS)
Impact: User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of...
PT-2025-34787 · Jspdf · Jspdf
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 3.0.2 Description: jsPDF is a JavaScript library used to generate PDFs. Prior to version 3.0.2, user control over the first argument of the addImage method can lead to high CPU utilization and denial of service...
PowSyBl security vulnerability
PowSyBl is an open source framework from PowSyBl, Inc. dedicated to the modeling and simulation of power systems. A security vulnerability exists in PowSyBl versions prior to 6.7.2, which stems from a regular expression denial of service vulnerability in the DataSource mechanism that could lead t...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
DEBIAN-CVE-2024-48938
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...
Nghttp2 security vulnerability
Nghttp2 is a C library for HTTP/2 implementation from the Nghttp2 community. A security vulnerability exists in Nghttp2 versions prior to 1.61.0: reading an unlimited number of HTTP/2 CONTINUATION frames may result in excessive CPU utilization...
UBUNTU-CVE-2023-26044
react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...
nghttp2: overly large SETTINGS frames can lead to DoS
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...
UBUNTU-CVE-2019-19331
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A...
DEBIAN-CVE-2016-7068
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if th...