Lucene search
137 matches found

EUVD
added 6 days ago | 7 views

EUVD-2026-33432

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 4
ATTACKERKB
added 6 days ago | 8 views

CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 5
Positive Technologies
added 6 days ago | 9 views

PT-2026-44992

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The TIFF decoder fails to impose a limit on the size of PackBits-compressed data. This allows a maliciously crafted image, even one with small pixel dimensions a...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 9
CNNVD
added 6 days ago | 4 views

Google Go security vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of restrictions on the size of PackBits compressed data. This vulnerability...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 4
CNNVD
added 2026/05/28 12:00 a.m. | 6 views

Elastic Kibana security vulnerability

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This allows authenticated users with low privileges to submit specially crafted large data packets to...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00047
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/12 7:38 p.m. | 4 views

CVE-2026-41685

A flaw was found in Incus, a system container and virtual machine manager. Authenticated users can exploit this vulnerability by uploading a large amount of data, which can exhaust the Incus server's disk space. This can lead to a Denial of Service (DoS) condition, potentially taking down the host...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00015
Exploits: 1 | References: 2
CNNVD
added 2026/05/07 12:00 a.m. | 5 views

Incus security vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of disk space exhaustion due to the upload of large amounts of data, which could affect the host system...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00015
Exploits: 1 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in openssl

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter, where the next BIO performs short writes, can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption, typically resulting in a crash, leading ...

CVSS: 4.7 | AI score: 7.2 | EPSS: 0.00042
Exploits: 1 | References: 2
RedhatCVE
added 2026/05/01 8:24 p.m. | 1 view

CVE-2026-31711

A flaw was found in the Linux kernel's ksmbd server. An unauthenticated remote attacker can exploit this by holding open connections with large data lengths, leading to a leak of connection resources. This resource exhaustion can prevent new legitimate connections from being established, resultin...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00383
Exploits: 0 | References: 4
UbuntuCve
added 2026/04/22 2:16 p.m. | 2 views

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00005
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/31 12:00 a.m. | 1 view

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00035
Exploits: 1 | References: 2
RedhatCVE
added 2026/03/25 9:16 p.m. | 0 views

CVE-2026-33219

A flaw was found in NATS-Server. A malicious client connecting to the WebSockets port can cause unbounded memory use before authentication by sending a large amount of data. This resource exhaustion vulnerability can lead to a Denial of Service (DoS) for the server, making it unavailable to...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.0012
Exploits: 0 | References: 7
Vulnrichment
added 2026/01/28 6:51 p.m. | 2 views

CVE-2025-68659 Discourse has DoS vulnerability in username change endpoint

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00169
Exploits: 0 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 2 views

CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

CVSS: 4.7 | AI score: 5.8
Exploits: 0 | References: 6
AlpineLinux
added 2026/01/27 4:01 p.m. | 3 views

CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00042
Exploits: 1
AstraLinux
added 2026/01/13 2:01 p.m. | 2 views

Astra Linux - vulnerability in nbdkit

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00272
Exploits: 0 | References: 3
AstraLinux
added 2026/01/13 2:01 p.m. | 2 views

Astra Linux - vulnerability in nbdkit

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00311
Exploits: 0 | References: 3
Hacker One
added 2025/12/27 6:12 p.m. | 9 views

curl: WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers

Summary: I have discovered a logic flaw in lib/ws.c regarding the handling of WebSocket Control Frames (PING/PONG). According to RFC 6455, Control Frames should be processed as soon as possible, even in the middle of fragmented data frames, to maintain connection state (Keep-Alive). However, libcurl...

AI score: 6.6
Exploits: 0
RedhatCVE
added 2025/12/19 5:30 a.m. | 3 views

CVE-2025-47323

Memory corruption while routing GPR packets between user and root when handling large data packet...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00016
Exploits: 0 | References: 1
NVD
added 2025/12/18 6:15 a.m. | 1 view

CVE-2025-47323

Memory corruption while routing GPR packets between user and root when handling large data packet...

CVSS: 7.8 | EPSS: 0.00016
Exploits: 0 | References: 1