Lucene search
K

20 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS0.00546EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55878

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An uncontrolled resource consumption issue exists where certain interfaces do not impose reasonable limits on the time span and aggregation interval of queries. An attacker can send a reque...

7.5CVSS5.9AI score0.00546EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS0.00796EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:49 a.m.18 views

CVE-2026-53916

CVE-2026-53916 describes a memory allocation issue in Apache ActiveMQ families (ActiveMQ, ActiveMQ All, ActiveMQ Stomp) caused by an unauthenticated STOMP NIO client that can emit header bytes that never terminate. This unbounded header buffering can exhaust the JVM heap. Affected versions are be...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 9:49 a.m.4 views

CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/01 10:29 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...

8.7CVSS5.5AI score0.0058EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...

8.7CVSS5.5AI score0.0058EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 8:47 p.m.11 views

org.apache.neethi: Apache Neethi: Denial of Service via algorithmic complexity in policy normalization

A flaw was found in Apache Neethi. A remote attacker can exploit this vulnerability by providing specially crafted WS-Policy documents. This triggers an algorithmic complexity issue during policy normalization, leading to an exponential expansion of policy alternatives. This unbounded memory...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.11 views

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS5.7AI score0.00711EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/01 8:54 a.m.33 views

CVE-2026-42402 Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

7.5CVSS0.00711EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.432.b06-2.el9.ML.1 (AXSA:2024-8932:19)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8932:19 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

7.1CVSS7.9AI score0.01157EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-20470

Malware in sbrugna...

7.5CVSS7.5AI score0.01833EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:35 p.m.6 views

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

7.5CVSS7.1AI score0.01833EPSS
Exploits0
NVD
NVD
added 2020/10/28 3:15 p.m.21 views

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

7.5CVSS7.5AI score0.01833EPSS
Exploits0References1
Prion
Prion
added 2020/10/28 3:15 p.m.12 views

Design/Logic Flaw

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

5CVSS7.5AI score0.01833EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/10/28 2:43 p.m.44 views

CVE-2020-27978

CVE-2020-27978 (Shibboleth Identify Provider 3.x prior to 3.4.6) is a denial-of-service vulnerability where a remote unauthenticated attacker can trigger a login flow that exhausts Java heap by creating objects in the Java Servlet container session. Affected product is Shibboleth Identify Provide...

7.5CVSS7.5AI score0.01833EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/28 2:43 p.m.31 views

CVE-2020-27978

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...

7.5AI score0.01833EPSS
Exploits0References1
n0where
n0where
added 2015/01/24 5:4 p.m.997 views

Dex to Java Decompiler: jadx

Command line and GUI tools for produce Java source code from Android Dex and Apk files Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts for run jadx will be placed in build/jadx/bin and also packed to...

Exploits0References2
Cent OS
Cent OS
added 2013/10/22 7:41 a.m.81 views

java security update

CentOS Errata and Security Advisory CESA-2013:1447 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

10CVSS6.9AI score0.24738EPSS
Exploits0References7
Rows per page
Query Builder