Astra Linux - уязвимость в golang-golang-x-net, golang-1.15

In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...

DEBIAN-CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WAV file processing path when the multiplication of samplesperblock and blocks exceeds the maximum value for a 32-bit integer, resulting in an integer overflow before assignment to a 64-bit variable...

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

MiracleLinux 8 : rsync-3.1.3-19.el8 (AXSA:2022-4191:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4191:08 advisory. zlib: heap-based buffer over-read and overflow in inflate in inflate.c via a large gzip header extra field CVE-2022-37434 Tenable has extracted the preceding...

CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

Allocation of Resources Without Limits or Throttling

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extractsegment and extractheader processes. An unauthenticated attacker can exhaust system resources and...

CVE-2022-50345

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-48956

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.10.1.1, a Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion,...

CVE-2025-48956 vLLM API endpoints vulnerable to Denial of Service Attacks

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.10.1.1, a Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion,...

vllm API endpoints vulnerable to Denial of Service Attacks

Summary A Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making ...

PT-2025-34225 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.1.0 through 0.10.1.0 Description: vLLM is an inference and serving engine for large language models LLMs. A Denial of Service DoS vulnerability can be triggered by sending a single HTTP GET request with an extremely large head...

vLLM 资源管理错误漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A resource management error vulnerability exists in vLLM versions prior to 0.1.0 through 0.10.1.1, which stems from the fact that sending an HTTP GET request with a very large header cou...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...