21 matches found
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the decodeHuffmanEncodedLiteral function in the QPACK decoder, which allocates memory for a byte array based on a length value received from the network without verifying that sufficie...
EUVD-2021-0968
Malware in sbrugna...
EUVD-2006-0437
Malware in sbrugna...
EUVD-2016-0241
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-32640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantl...
GHSA-R3V7-PC4G-7XP9 Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers
Summary With specially crafted value of the x-forwarded-proto or x-forwarded-for headers, it's possible to significantly slow down an oak server. Vulnerable Code - https://github.com/oakserver/oak/blob/v17.1.5/request.ts#L87 - https://github.com/oakserver/oak/blob/v17.1.5/request.ts#L142 PoC - setu...
CVE-2025-55152 oak: ReDoS in x-forwarded-proto and x-forwarded-for headers
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers...
CVE-2023-42457
plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...
CVE-2024-12601
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large value...
Design/Logic Flaw
SAP NetWeaver Change and Transport System - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with the intent to slow down or make the server unavailable, which may lead to a limited impact ...
CVE-2023-1894
CVE-2023-1894 is a ReDoS affecting Puppet Server 7.9.2 during certificate validation. The vulnerability arises from crafted certificate names and results in significantly slowed server operations. Public details in the provided documents confirm Puppet Server as the affected component and describ...
simplepush Resource Management Error Vulnerability
simplepush is a mobile application from the German company simplepush. Push notifications can be sent to your device immediately via API or third-party integration. A security vulnerability exists in simplepush that stems from the registration of a fake application using the wrong deviceTokens,...
AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
github ws Resource Management Error Vulnerability
github ws is a software application. An easy-to-use, fast-running and thoroughly tested approach to WebSocket client and server implementations. A security vulnerability exists in versions of ws prior to 7.4.6, which stems from a special value in the "Sec-Websocket-Protocol" header that can be us...
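The oak entries (x-forwarded-proto / x-forwarded-for) and the ws entries (Sec-Websocket-Protocol) above describe the same class of bug: a comma-separated header value parsed in a way whose cost grows quadratically with the length of the attacker-controlled string. The following is an added example, not code from ws or oak, and makes no claim about the exact expressions those projects used. It contrasts a regex split with optional whitespace around the delimiter, which backtracks quadratically on a long whitespace run that contains no comma, with a single-pass parser that is linear and also enforces length and element-count caps. The regex, the caps (8192 characters, 64 elements), the token rule and the sample values are assumptions for illustration.

```javascript
// Added example (not ws or oak project code). Parsing a comma-separated
// header value such as Sec-WebSocket-Protocol or X-Forwarded-For.

// Regex split with optional spaces on both sides of the delimiter. On a long
// run of spaces with no comma, every start position greedily consumes the rest
// of the run, fails to match ',', and backtracks one space at a time, so the
// total work is quadratic in the length of the run. (Assumed pattern; shown
// here only to illustrate the class of problem in the advisories.)
function splitWithRegex(value) {
  return value.split(/ *, */);
}

const MAX_VALUE_LENGTH = 8192; // assumed cap on one header value
const MAX_ITEMS = 64;          // assumed cap on list elements

function isOws(code) {
  return code === 0x20 || code === 0x09; // SP or HTAB (RFC 7230 OWS)
}

// Single forward pass over the value: O(n) time, no backtracking, bounded
// output. Empty elements ("a,,b") are skipped, as the HTTP list rule allows.
function splitHeaderList(value, { maxLength = MAX_VALUE_LENGTH, maxItems = MAX_ITEMS } = {}) {
  if (typeof value !== 'string') return [];
  if (value.length > maxLength) {
    throw new RangeError(`header value longer than ${maxLength} characters`);
  }
  const items = [];
  let start = 0;
  for (let i = 0; i <= value.length; i++) {
    if (i < value.length && value.charCodeAt(i) !== 0x2c) continue; // 0x2c = ','
    let s = start;
    let e = i;
    while (s < e && isOws(value.charCodeAt(s))) s++;       // trim leading OWS
    while (e > s && isOws(value.charCodeAt(e - 1))) e--;   // trim trailing OWS
    if (s < e) {
      if (items.length === maxItems) {
        throw new RangeError(`more than ${maxItems} list elements`);
      }
      items.push(value.slice(s, e));
    }
    start = i + 1;
  }
  return items;
}

// RFC 7230 tchar as an anchored single character class; a backtracking engine
// matches this in linear time because there is nothing to backtrack into.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Sec-WebSocket-Protocol: every element must be a token and must not repeat.
function parseSubprotocols(value) {
  const items = splitHeaderList(value);
  const seen = new Set();
  for (const item of items) {
    if (!TOKEN.test(item)) throw new SyntaxError(`invalid subprotocol: ${JSON.stringify(item)}`);
    if (seen.has(item)) throw new SyntaxError(`duplicate subprotocol: ${item}`);
    seen.add(item);
  }
  return items;
}

function timeMs(fn) {
  const t0 = performance.now();
  fn();
  return performance.now() - t0;
}

// Constructed hostile value: a long run of spaces with no comma anywhere.
const hostile = 'chat' + ' '.repeat(10000) + 'room';

console.log(`regex split : ${timeMs(() => splitWithRegex(hostile)).toFixed(1)} ms`);
console.log(`linear parse: ${timeMs(() => splitHeaderList(hostile, { maxLength: Infinity })).toFixed(1)} ms`);
try {
  splitHeaderList(hostile); // default cap rejects it before any parsing work
} catch (err) {
  console.log(`with cap    : rejected (${err.message})`);
}
```

Growing the whitespace run (the headers in these advisories can be as long as the server's maximum header size permits) makes the regex timing grow roughly four-fold per doubling while the linear parse stays proportional; the length cap rejects oversized values before either parser does any work.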
Code injection
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL...
CVE-2016-0206
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL...
CVE-2006-0430
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service server slowdown...
CVE-2006-0430
CVE-2006-0430 affects BEA WebLogic Server and WebLogic Express where, under the condition that connection filters are enabled, certain versions are slower and allow remote attackers to cause a denial of service. Affected products include BEA WebLogic Server and WebLogic Express 9.0, 8.1 through S...