Lucene search
K

41 matches found

OSV
OSV
added 2026/05/28 10:16 a.m.6 views

UBUNTU-CVE-2026-46105

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

7.8CVSS5.8AI score0.00127EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.23 views

PT-2026-44228

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the mpt3sas SCSI driver where the HBA firmware reports NVMe MDTS Maximum Data Transfer Size values based ...

9.8CVSS6.2AI score0.03663EPSS
Exploits16References279
NVD
NVD
added 2026/05/06 10:16 p.m.28 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.9CVSS0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 9:0 p.m.47 views

CVE-2026-41484 OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.3CVSS0.00338EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 9:0 p.m.12 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.3CVSS5.8AI score0.00338EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 8:58 p.m.9 views

CVE-2026-41483 Unbounded HTTP response body read in OpenTelemetry.Resources.Azure

OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:58 p.m.10 views

CVE-2026-41483

OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...

5.9CVSS5.8AI score0.00323EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/01 5:50 p.m.6 views

JLSEC-2026-378

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

5.5CVSS5.8AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 9:52 p.m.6 views

GHSA-CXPW-2G23-2VGW OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Vulnerability The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE integrations that send unusually large inputs. Affected...

4.8CVSS5.5AI score0.00165EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/20 9:52 p.m.10 views

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Vulnerability The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE integrations that send unusually large inputs. Affected...

4.8CVSS5.6AI score0.00165EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/11/28 7:15 a.m.3 views

UBUNTU-CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

5.5CVSS5.8AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/28 12:0 a.m.10 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

2.9CVSS0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/28 12:0 a.m.1 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

2.9CVSS6.4AI score0.00183EPSS
Exploits0References1
OSV
OSV
added 2025/08/29 3:38 p.m.6 views

GHSA-4H45-JPVH-6P5J Rancher affected by unauthenticated Denial of Service

Impact A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into...

8.2CVSS6.7AI score0.00482EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.6 views

PT-2025-35332

Name of the Vulnerable Software and Affected Versions Rancher Manager versions 2.9.12, 2.10.9, 2.11.5, and 2.12.1 Description A high-severity Denial of Service DoS flaw exists in Rancher Manager, allowing attackers to crash servers by sending oversized API requests to certain public unauthenticat...

9.9CVSS6.5AI score0.10543EPSS
Exploits21References58
OSV
OSV
added 2025/06/18 10:15 a.m.1 views

UBUNTU-CVE-2025-38071

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblockphysallocrange At least with CONFIGPHYSICALSTART=0x100000, if there is 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange...

5.5CVSS6.2AI score0.00155EPSS
Exploits0References31
Amazon
Amazon
added 2025/04/29 12:0 a.m.3 views

Medium: containerd

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.5 views

Medium: runc

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.7 views

Medium: containerd

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Amazon
Amazon
added 2025/04/29 12:0 a.m.5 views

Medium: runc

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5CVSS6.8AI score0.01544EPSS
Exploits0
Rows per page
Query Builder