Lucene search
K

16 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42873

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
CVE
CVE
added 2 days ago6 views

CVE-2026-56814

Summary: CVE-2026-56814 affects Plug:Multipart in Elixir’s Plug.Parsers.MULTIPART, where the :length budget is applied only to part body bytes. Part headers are not counted, so requests with many empty-body file parts can slip under the length limit and create a temporary file per part, triggerin...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-27362

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.00543EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/04/30 11:0 a.m.3 views

grub2: grub2-set-bootflag can be abused by local (pseudo-)users

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...

5.9CVSS6.7AI score0.00327EPSS
Exploits0References5
Amazon
Amazon
added 2024/03/05 12:0 a.m.3 views

Low: grub2

Issue Overview: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporar...

5.9CVSS6.7AI score0.00327EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/02/08 3:21 a.m.5 views

SUSE CVE-2024-1048

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...

3.3CVSS6.9AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.3 views

grub2 security vulnerability

grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2, which stems from the fact that if the program is terminated before a rename operation, temporary files will not be deleted and may fill the filesystem on multiple invocations, resulting...

3.3CVSS6.9AI score0.00269EPSS
Exploits0References7
NVD
NVD
added 2022/07/20 3:15 p.m.15 views

CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...

6.5CVSS0.00543EPSS
Exploits1References1
OSV
OSV
added 2022/07/20 3:15 p.m.7 views

CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...

5.5CVSS5.7AI score0.00543EPSS
Exploits1References1
Prion
Prion
added 2022/07/20 3:15 p.m.25 views

Design/Logic Flaw

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...

1.7CVSS5.5AI score0.00543EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2022/07/20 2:15 p.m.17 views

CVE-2022-22215 Junos OS and Junos OS Evolved: /var/run/<pid>.env files are potentially not deleted during termination of a gRPC connection causing inode exhaustion

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...

6.5CVSS6.6AI score0.00543EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/13 4:0 p.m.6 views

CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...

6.5CVSS5.9AI score0.00543EPSS
Exploits1References2Affected Software2
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.6 views

glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service

A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...

6.5CVSS7.3AI score0.02172EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/10/31 8:43 a.m.4 views

glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service

A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...

6.5CVSS7.3AI score0.02172EPSS
Exploits0References4
Rows per page
Query Builder