5 matches found
EUVD-2026-19651
Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature...
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout
Impact: The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause a Denial of Service (DoS). Exploitation requires neither authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommende...
H2O Security Vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0, which stems from a typeahead endpoint that does not set a timeout when verifying the presence of a specified resource, which could allow an attack...
netty: SniHandler 16MB allocation leads to OOM
A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per...
rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...