112 matches found
GO-2026-5016 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...
CVE-2026-33378
Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...
CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...
CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which arises from using the timeGroup macro, potentially leading to server overload and OOM issues...
GHSA-33HQ-FVWR-56PM devalue affected by CPU and memory amplification from sparse arrays
Under certain circumstances, serializing sparse arrays using uneval or stringify could cause CPU and/or memory exhaustion. When this occurs on the server, it results in a DoS. This is extremely difficult to take advantage of in practice, as an attacker would have to manage to create a sparse arra...
CVE-2021-47752 AWebServer GhostBuilding 18 - Denial of Service (DoS)
AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
EUVD-2019-1136
Malware in sbrugna...
EUVD-2018-0563
Malware in sbrugna...
EUVD-2017-0364
Malware in sbrugna...
EUVD-2021-0561
Malware in sbrugna...
EUVD-2025-7026
Malicious code in bioql PyPI...
EUVD-2025-28245
Malicious code in bioql PyPI...
EUVD-2022-7562
Malicious code in bioql PyPI...
EUVD-2023-34872
Malicious code in bioql PyPI...
EUVD-2025-7024
Malicious code in bioql PyPI...
EUVD-2022-3130
Malicious code in bioql PyPI...
EUVD-2025-7046
Malicious code in bioql PyPI...
EUVD-2025-12105
Malicious code in bioql PyPI...