477 matches found
Excessive Iteration
Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration in the incremental mode for PDF processing. An attacker can cause excessive resource consumption and...
Excessive Iteration
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration in the incremental mode for PDF processing. An attacker can cause excessive resource consumption and...
pypdf: Possible long runtimes for wrong size values in incremental mode
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes from PR...
PT-2026-34566
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes long runtimes. This occurs when loading a PDF in incremental mode that contains a large /Size value in the trailer...
GHSA-HV4R-MVR4-25VW MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...
MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...
GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...
PT-2026-34234
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. An attacker possessing a valid access key can write arbitrary...
curl: Integer Overflow/Signedness Mismatch in Printf Precision for HTTP/2 Trailer Headers
BUG IN https://raw.githubusercontent.com/curl/curl/07a9b89fedaec60bdbc254f23f66149b31d2f8da/lib/http2.c c ifstream-bodystarted / This is a trailer / H2BUGFinfofdatas, "h2 trailer: %.s: %.s", namelen, name, valuelen, value; result = Curldynaddf&stream-trailerrecvbuf, "%.s: %.s\r\n", namelen, name,...
PT-2026-34231
Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...
SUSE CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
Memory Exhaustion
aiohttp is vulnerable to Memory Exhaustion. The vulnerability is due to insufficient restrictions in header/trailer handling, where unlimited trailer headers are accepted and an attacker can send a request or response with many trailers to cause uncapped memory usage...
CVE-2026-22815
A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for Python. Insufficient restrictions in header and trailer handling could allow a remote attacker to cause uncapped memory usage. This can lead to a Denial of Service DoS condition, making the affected web server...
CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...