Lucene search
K

25 matches found

OSV
OSV
added last week4 views

RLSA-2026:33731 Moderate: rrdtool security update

The round robin database RRD system stores and displays time-series data, such as network bandwidth, machine-room temperature, and server load average. RRDtool is a high performance data logging and graphing utility, which can be easily integrated with shell scripts, or used to create application...

7.8CVSS6.1AI score0.00132EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 9:17 a.m.2 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

8.7CVSS7.1AI score0.00671EPSS
Exploits0References8
OSV
OSV
added 2026/05/29 8:16 p.m.10 views

DEBIAN-CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/04 7:46 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

5.3CVSS5.8AI score0.00333EPSS
Exploits1References2
NVD
NVD
added 2026/04/24 6:16 p.m.11 views

CVE-2026-42036

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This...

5.3CVSS0.00421EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 7:3 a.m.36 views

CVE-2026-29049 melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...

4.3CVSS0.00226EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/25 5:36 p.m.11 views

Sliver has Potential Zip Bomb Denial of Service in GzipEncoder

Summary GzipEncoder does not limit output size when processing compressed data. This allows unauthenticated remote attackers to crash sliver server by sending a http request with highly compressed gzip data aka zip bomb. Details In util/encoders/gzip.go, Decode method decompresses given data by...

5.8AI score
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.5 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from the plistlib module reading data without limiting the size, which could lead to out-of-memory and denial-of-service issues with malicious files...

5.5CVSS6.5AI score0.00193EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/11/12 4:40 p.m.2 views

CVE-2025-59089

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

5.9CVSS6.1AI score0.00511EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2025/11/04 7:51 p.m.3 views

rack: Rack memory exhaustion denial of service

A denial of service flaw has been found in the rubygems rack package. Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 11:19 a.m.5 views

rack: Rack memory exhaustion denial of service

A denial of service flaw has been found in the rubygems rack package. Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing...

7.5CVSS6.8AI score0.00868EPSS
Exploits0References8
OSV
OSV
added 2025/10/29 11:16 p.m.8 views

AZL-68999 CVE-2025-58183 affecting package buildah 1.41.4-6

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3CVSS7.2AI score0.00419EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/29 2:40 p.m.4 views

Security Bulletin: Vulnerability in Netty's HttpPostRequestDecoder Allows Unbounded Memory Accumulation, which affects IBM watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no...

5.3CVSS6.4AI score0.0138EPSS
Exploits1Affected Software1
Packet Storm News
Packet Storm News
added 2025/05/18 12:0 a.m.6 views

Private Statistical Estimation Via Truncation

We introduce a novel framework for differentially private DP statistical estimation via data truncation, addressing a key challenge in DP estimation when the data support is unbounded. Traditional approaches rely on problem-specific sensitivity analysis, limiting their applicability. By leveragin...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/12 3:5 p.m.4 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS7.2AI score0.0138EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2024/08/15 8:7 p.m.5 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS7.2AI score0.0138EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2024/08/08 5:23 p.m.3 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS7.2AI score0.0138EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2024/06/03 11:52 a.m.2 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS7.2AI score0.0138EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.4 views

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

5.3CVSS7.2AI score0.0138EPSS
Exploits1References8
Rows per page
Query Builder