1885 matches found
pypdf 安全漏洞
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.7.1 contained security vulnerabilities. These vulnerabilities stemmed from /ToUnicode entries in the font parsing, whic...
CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
CVE-2026-26313
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...
PT-2026-20908
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...
go-ethereum 安全漏洞
go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.17.0 contained security vulnerabilities; these vulnerabilities allowed attackers to cause high memory usage by sending specially crafted P2P messages...
GHSA-WGVP-VG3V-2XQ3 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches This has been fixed in pypdf==6.7.1. Workarounds ...
GHSA-689V-6XWF-5JF3 Go Ethereum affected by DoS via malicious p2p message
Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...
Go Ethereum affected by DoS via malicious p2p message
Impact An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches The issue is resolved in the v1.17.0 release. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
FreeBSD : powerdns-recursor -- Denial of Service (67793feb-0b5b-11f1-a1c0-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 67793feb-0b5b-11f1-a1c0-0050569f0b83 advisory. PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial o...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
FreeBSD : MongoDB Server -- Multiple vulnerabilities (77e32b14-0800-11f1-8a6f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 77e32b14-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive...
Linux Distros Unpatched Vulnerability : CVE-2026-1850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. CVE-2026-1850 Note that Nessus relies on the...