Lucene search
+L

57 matches found

CNNVD
CNNVD
added 2025/08/21 12:0 a.m.7 views

vLLM 资源管理错误漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. A resource management error vulnerability exists in vLLM versions prior to 0.1.0 through 0.10.1.1, which stems from the fact that sending an HTTP GET request with a very large header cou...

7.5CVSS6.2AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/28 1:54 p.m.5 views

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References6
Snyk
Snyk
added 2025/04/08 4:0 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

8.7CVSS6.9AI score0.0154EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/08 4:0 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

8.7CVSS6.9AI score0.0154EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/08 4:0 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

8.7CVSS6.9AI score0.0154EPSS
Exploits0References2
OSV
OSV
added 2024/05/21 3:15 p.m.4 views

DEBIAN-CVE-2021-47240

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtrendpointpost Syzbot reported slab-out-of-bounds Read in qrtrendpointpost. The problem was in wrong size type: if len != ALIGNsize, 4 + hdrlen goto err; If size from qrtrhdr is 4294967293 0xfffffffd,...

7.1CVSS5.5AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.5 views

PT-2024-2567 · Unknown +2 · Erlang-Jose +2

Name of the Vulnerable Software and Affected Versions: erlang-jose versions through 1.11.6 Description: The issue is related to an uncontrolled resource consumption in the erlang-jose module for JSON object signing and encryption for Erlang and Elixir languages. This can be exploited by a remote...

7.8CVSS5.5AI score0.00887EPSS
Exploits0References25
OSV
OSV
added 2023/12/14 6:15 p.m.2 views

DEBIAN-CVE-2023-50269

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...

7.5CVSS7.7AI score0.57627EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/08/03 2:15 p.m.6 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

5.3CVSS6.6AI score0.05623EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/06/23 4:43 a.m.6 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

5.3CVSS6.6AI score0.05623EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.28 views

golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache...

5.3CVSS6.6AI score0.05623EPSS
Exploits0References9
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.39 views

K55518036: GO vulnerability CVE-2021-31525

Security Advisory Description net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE-2021-31525 Impact There...

5.9CVSS7.4AI score0.03692EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.4 views

SUSE CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

6.5CVSS8.4AI score0.03692EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.4 views

SUSE CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

7.5CVSS7.4AI score0.05623EPSS
Exploits0References8
OSV
OSV
added 2022/12/08 8:15 p.m.7 views

AZL-33645 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.6.2-2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.6 views

AZL-34276 CVE-2022-41717 affecting package nmi for versions less than 1.8.17-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 8:15 p.m.7 views

AZL-79004 CVE-2022-41717 affecting package golang 1.25.7-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/30 12:0 a.m.11 views

PT-2022-7291

Name of the Vulnerable Software and Affected Versions net/http versions prior to the fixed version Description The issue is related to the net/http package in the Go programming language, which is vulnerable to excessive memory growth due to unbounded resource allocation. An attacker can cause th...

9.8CVSS8.5AI score0.91969EPSS
Exploits15References302
Github Security Blog
Github Security Blog
added 2022/05/24 7:3 p.m.48 views

golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion

golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

5.9CVSS6.5AI score0.03692EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.42 views

Uncontrolled Recursion

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

5.9CVSS5.6AI score0.03692EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder