Lucene search
K

102 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago7 views

libcurl 8.16.0 < 8.21.0 WebSocket Auto-PONG Memory Exhaustion (CVE-2026-11586)

The version of libcurl installed on the remote host is 8.16.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a...

7.5CVSS6.1AI score0.0086EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 8:51 p.m.4 views

GHSA-CGWC-PV48-FHJ5 python-engineio has unbound thread allocation that can cause denial of service

Impact An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet. Note: this issue primarily affects synchronous...

7.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/24 8:0 a.m.14 views

CURL-CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS5.8AI score0.0086EPSS
Exploits1
Hacker One
Hacker One
added 2026/06/08 7:54 a.m.7 views

curl: CVE-2026-11586: WS Auto-PONG memory exhaustion

Summary: TL;DR: a remote WebSocket peer can make default curl/libcurl grow memory until timeout or OOM by sending legal PING frames while refusing to read the client's automatic PONGs. curl automatically replies to each received WebSocket PING with a PONG unless CURLWSNOAUTOPONG is set. In...

7.5CVSS5.9AI score0.0086EPSS
Exploits1
Debian
Debian
added 2026/05/17 9:36 a.m.16 views

[SECURITY] [DSA 6279-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected] https://www.debian.org/security/ Aron Xu May 17, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

8.5CVSS6AI score0.00586EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.5 views

CVE-2021-33586

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user able to connect to the server to access recently deallocated memory, aka the "malformed PONG" issue...

4.3CVSS6.8AI score0.0089EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/12/27 6:12 p.m.18 views

curl: WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers

Summary: I have discovered a logic flaw in lib/ws.c regarding the handling of WebSocket Control Frames PING/PONG. According to RFC 6455, Control Frames should be processed as soon as possible, even in the middle of fragmented data frames, to maintain connection state Keep-Alive. However, libcurl...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/15 2:35 p.m.7 views

CVE-2025-14518

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

9.8CVSS6.6AI score0.00323EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/12/11 3:2 p.m.7 views

CVE-2025-14518 PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

6.5CVSS6.5AI score0.00323EPSS
Exploits3References6
OSV
OSV
added 2025/12/11 3:2 p.m.7 views

CVE-2025-14518 PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

5.3CVSS6.2AI score0.00323EPSS
Exploits3References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20272

Malware in sbrugna...

4.3CVSS4.5AI score0.0089EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6331

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.01375EPSS
Exploits1References25
SUSE Linux
SUSE Linux
added 2025/09/25 10:50 a.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...

7.5CVSS7.6AI score0.01301EPSS
Exploits1References16
SUSE Linux
SUSE Linux
added 2025/09/18 11:9 a.m.4 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References16
OSV
OSV
added 2025/09/18 11:8 a.m.4 views

SUSE-SU-2025:03268-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...

7.5CVSS7.1AI score0.01301EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/09/13 12:0 a.m.6 views

SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2025:03198-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03198-1 advisory. Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: - CVE-2025-0665:...

7.5CVSS6.8AI score0.01301EPSS
Exploits7References24
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-1319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though...

7.5CVSS6.8AI score0.01258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2021-3690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial...

7.5CVSS6.8AI score0.01375EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.5 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/05/17 12:0 a.m.5 views

AES-RV: Hardware-Efficient RISC-V Accelerator with Low-Latency AES Instruction Extension for IoT Security

The Advanced Encryption Standard AES is a widely adopted cryptographic algorithm essential for securing embedded systems and IoT platforms. However, existing AES hardware accelerators often face limitations in performance, energy efficiency, and flexibility. This paper presents AES-RV, a...

6.9AI score
Exploits0
Rows per page
Query Builder