Lucene search
+L

57 matches found

RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-54428

A flaw was found in Apache HttpComponents Core. This vulnerability, located in the HTTP/2 HPACK decoder, allows a remote attacker to cause a denial of service. By sending oversized compressed header blocks, an attacker can exhaust memory resources before the system's configured header list size...

7.5CVSS6.1AI score0.00587EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 4:3 p.m.5 views

PYSEC-2026-1203 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

7.5CVSS7.2AI score0.00596EPSS
Exploits1References7
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 2:38 p.m.42 views

CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 2:38 p.m.3 views

CVE-2026-41178 OpenTelemetry-Go's baggage parsing no longer caps raw header length

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/28 5:4 p.m.13 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 5:4 p.m.12 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 5:4 p.m.13 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

6.9CVSS5.8AI score0.00237EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/28 5:4 p.m.16 views

opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/28 5:4 p.m.17 views

GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44723

Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Squid

Squid is an open-source caching proxy for the Web that supports HTTP, HTTPS, FTP, and more. Due to a bug related to collapsing data into unsafe values, Squid may be vulnerable to Denial of Service attacks involving HTTP header parsing. This issue allows a remote client or server to cause a Denial...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-42561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 2:56 p.m.6 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS6.1AI score0.00492EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 7:16 p.m.4 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS0.00492EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:23 p.m.2 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS6.1AI score0.00492EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 6:23 p.m.5 views

CVE-2019-25478 GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS6.1AI score0.00492EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24775

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

8.7CVSS6.1AI score0.00492EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/05 1:23 a.m.9 views

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

7.5CVSS5.4AI score0.00478EPSS
Exploits1References1
NVD
NVD
added 2026/02/04 8:16 p.m.20 views

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

7.5CVSS0.00478EPSS
Exploits1References2
Rows per page
Query Builder