Lucene search
+L

22 matches found

OSV
OSV
added 2026/07/08 9:24 p.m.3 views

CVE-2026-44160 Fluentd: Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS7AI score0.0062EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/26 4:35 p.m.6 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the inhttp and inforward plugins when decompressing gzip-compressed data. An attacker can cause excessive memory consumption by sending a highly compressed payload that...

8.7CVSS5.8AI score0.0062EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-53005

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The out http output plugin allows the use of placeholders, such as $tag, in the endpoint configuration parameter. If a placeholder value is derived from untrusted input, an attacker can control the...

7.2CVSS7.3AI score0.00442EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

2.3CVSS5.6AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/25 3:8 p.m.5 views

CVE-2025-12977

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins fail to sanitize tagkey inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tagkey values containing special characters such as newlines or ../ that are treated as valid tags...

9.1CVSS6.9AI score0.00646EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/24 2:40 p.m.12 views

CVE-2025-12977 CVE-2025-12977

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins fail to sanitize tagkey inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tagkey values containing special characters such as newlines or ../ that are treated as valid tags...

0.00646EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-2799

Malware in sbrugna...

5CVSS6AI score0.11089EPSS
Exploits1References19
OSV
OSV
added 2021/11/03 4:15 p.m.25 views

CVE-2021-43082

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0...

9.8CVSS6.6AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/11/03 12:0 a.m.33 views

CVE-2021-43082

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0...

9.8CVSS7.2AI score0.0233EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.19 views

FreeBSD Ports: libxine

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5CVSS6.5AI score0.11089EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.25 views

openSUSE 10 Security Update : xine-lib (xine-lib-1599)

Missing length checks in the HTTP plugin could lead to a buffer overflow on the heap CVE-2006-2802. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update xine-lib-1599. The text description of this...

5CVSS5.3AI score0.11089EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/09/15 12:0 a.m.31 views

GLSA-200609-08 : xine-lib: Buffer overflows

The remote host is affected by the vulnerability described in GLSA-200609-08 xine-lib: Buffer overflows xine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin xinepluginphttp.so via a long reply from an HTTP server...

5CVSS6.5AI score0.11089EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2006/09/13 12:0 a.m.27 views

xine-lib: Buffer overflows

Background xine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. Description xine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin xinepluginphttp.so via a...

5CVSS7.8AI score0.11089EPSS
Exploits1
Debian
Debian
added 2006/07/07 6:43 a.m.58 views

[SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 1105-1 [email protected] http://www.debian.org/security/ Martin Schulze July 7th, 2006 http://www.debian.org/security/faq -...

5CVSS6.6AI score0.11089EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2006/06/24 12:0 a.m.32 views

Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)

A buffer overflow in the HTTP Plugin xinepluginphttp.so for xine-lib 1.1.1 allows remote attackers to cause a denial of service application crash via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. CVE-2006-2802 In addition, a possible buffer overflow exists in the AVI demuxe...

5.1CVSS5.9AI score0.11089EPSS
Exploits1References1
NVD
NVD
added 2006/06/03 10:2 a.m.17 views

CVE-2006-2802

Buffer overflow in the HTTP Plugin xinepluginphttp.so for xine-lib 1.1.1 allows remote attackers to cause a denial of service application crash via a long reply from an HTTP server, as demonstrated using gxine 0.5.6...

5CVSS6.5AI score0.11089EPSS
Exploits1References15
Prion
Prion
added 2006/06/03 10:2 a.m.17 views

Buffer overflow

Buffer overflow in the HTTP Plugin xinepluginphttp.so for xine-lib 1.1.1 allows remote attackers to cause a denial of service application crash via a long reply from an HTTP server, as demonstrated using gxine 0.5.6...

5CVSS6.6AI score0.11089EPSS
Exploits1References15Affected Software2
Cvelist
Cvelist
added 2006/06/03 10:0 a.m.33 views

CVE-2006-2802

Buffer overflow in the HTTP Plugin xinepluginphttp.so for xine-lib 1.1.1 allows remote attackers to cause a denial of service application crash via a long reply from an HTTP server, as demonstrated using gxine 0.5.6...

6.4AI score0.11089EPSS
Exploits1References15
CVE
CVE
added 2006/06/03 10:0 a.m.89 views

CVE-2006-2802

CVE-2006-2802 : Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) of xine-lib 1.1.1 can be triggered by a long HTTP response, leading to a denial of service (application crash). Connected advisories confirm this issue across multiple distributions (e.g., Debian DSA-1105 noting a fix, with...

5CVSS6.4AI score0.11089EPSS
Exploits1References15Affected Software2
UbuntuCve
UbuntuCve
added 2006/06/03 12:0 a.m.21 views

CVE-2006-2802

Buffer overflow in the HTTP Plugin xinepluginphttp.so for xine-lib 1.1.1 allows remote attackers to cause a denial of service application crash via a long reply from an HTTP server, as demonstrated using gxine 0.5.6...

5CVSS6AI score0.11089EPSS
Exploits1References2
Rows per page
Query Builder