379 matches found
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...
CVE-2026-44601
Tor could crash a client when facing circuit queue memory pressure due to a double close of a circuit (TROVE-2026-009). Affected software: Tor prior to version 0.4.9.7. Root cause: circuit handling under memory pressure allows a double close, causing a denial of service on affected clients. Impac...
CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...
Tor 安全漏洞
Tor is a virtual tunnel network created by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability that could lead to client crashes due to the double closure of...
PT-2026-38336
Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.4.9.7 Description A client crash can occur when circuit queue memory pressure exists due to a double close of a circuit. Recommendations Update to version 0.4.9.7 or later...
CVE-2026-41483
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
CVE-2026-41484 OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body
OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...
CVE-2026-41484
OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...
CVE-2026-41483 Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
CVE-2026-41483 Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
CVE-2026-41483
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
CVE-2026-41483
OpenTelemetry.Resources.Azure (Azure VM resource detector) suffers from unbounded HTTP response body reads in AzureVmMetaDataRequestor when contacting the Azure VM metadata endpoint, causing unbounded memory usage and potential DoS. The issue affects versions 1.15.0-beta.1 and earlier; it is fixe...
OpenTelemetry .NET Contrib 安全漏洞
OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry .NET Contrib prior to 1.15.0 contain security vulnerabilities. These vulnerabilities stem from the HttpJsonPostTransport class, which allows...
CVE-2026-32936
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...
CVE-2026-32936
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...
EUVD-2026-27442
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...
CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1619)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1619 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...