27 matches found
CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in...
MiracleLinux 7 : openssh-7.4p1-23.0.3.0.1.el7.AXS7 (AXSA:2025-9844:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9844:01 advisory. CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled CVEs: CVE-2025-26465 A vulnerability was found in OpenSSH when the...
EulerOS 2.0 SP9 : openssh (EulerOS-SA-2026-1015)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...
EUVD-2010-2252
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-2253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query...
K000150876: OpenSSH vulnerability CVE-2025-26465
Security Advisory Description A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions...
Fedora 40 : openssh (2025-62f6cb2785)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-62f6cb2785 advisory. Fix missing error codes set and invalid error code checks in OpenSSH. It prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS i...
Azure Linux 3.0 Security Update: libcontainers-common / telegraf (CVE-2024-37298)
The version of libcontainers-common / telegraf installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37298 advisory. - gorilla/schema converts structs to and from form values. Prior to version 1.4.1...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2024:5258)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5258 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.0 security update
Red Hat OpenShift Service Mesh Containers for 2.6.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Potential memory exhaustion attack due to sparse slice deserialization
Details Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
...
CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
PT-2023-27520 · Go-Libp2P · Go-Libp2P
Name of the Vulnerable Software and Affected Versions: go-libp2p versions prior to 0.27.4 go-libp2p versions prior to 0.30.0 Description: A malicious actor can store an arbitrary amount of data in a remote node's memory by sending the node a message with a signed peer record. This memory does not...
CVE-2022-27897 Palantir Gotham included an endpoint that would log arbitrary sized zip files.
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server...
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing an error can only occur due to an exhaustion of memory. If the user can exhaust memory they are already privileged. Further it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place
...
rpcbind, LIBTIRPC and NTIRPC Denial of Service Vulnerabilities
rpcbind, LIBTIRPC, and NTIRPC are all applications used in Linux. rpcbind is a server that translates RPC program numbers into generic addresses; LIBTIRPC is a package that contains libraries to support programs that use the Remote Procedure Call (RPC) API; and NTIRPC is a stand-alone RPC library f...
FreeBSD-SA-16:17.openssl
FreeBSD-SA-16:17.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2016-05-04 Credits:...