Lucene search
K

11 matches found

NVD
NVD
added 2026/07/08 12:16 a.m.9 views

CVE-2026-55079

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

6.5CVSS0.00611EPSS
Exploits0References6
CVE
CVE
added 2026/07/07 11:50 p.m.12 views

CVE-2026-55079

Coder’s GO-based provisioner vulnerability arises from NewDataBuilder allocating a byte slice using client-supplied FileSize without an upper bound. The DRPC wire limit is 4 MiB, but FileSize could be much larger, causing memory exhaustion and potential denial of service when an authenticated use...

6.5CVSS6AI score0.00611EPSS
Exploits0References6Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.42 views

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

7.5CVSS5.9AI score0.00369EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2025/10/24 12:30 a.m.7 views

Liferay Portal ComboServlet denial of service via large file combination

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS6.9AI score0.00508EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2025/10/23 10:16 p.m.9 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

6.9CVSS0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/22 5:32 p.m.22 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

6.5CVSS0.00598EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.35 views

RHCOS 4 : OpenShift Container Platform 4.12.22 (RHSA-2023:3613)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3613 advisory. - golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers CVE-2022-2879 - golang:...

7.5CVSS6.8AI score0.02607EPSS
Exploits1References16
CNNVD
CNNVD
added 2022/09/14 12:0 a.m.6 views

axum 安全漏洞

axum is a Tokio open source web application framework focused on ergonomics and modularity. A security vulnerability exists in axum that stems from the fact that it does not limit the size of files, causing it to run out of memory and crash...

7.5CVSS7.3AI score0.0082EPSS
Exploits1References3
OSV
OSV
added 2021/09/05 7:15 p.m.16 views

CVE-2021-40524

In Pure-FTPd before 1.0.50, an incorrect maxfilesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...

7.5CVSS6.8AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/09/05 7:15 p.m.41 views

CVE-2021-40524

In Pure-FTPd before 1.0.50, an incorrect maxfilesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...

7.5CVSS7.1AI score0.04285EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2018/04/23 12:36 p.m.5 views

chromium-browser: Incorrect handling of files by FileAPI

readAsText can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page...

6.5CVSS7.4AI score0.01414EPSS
Exploits0References5
Rows per page
Query Builder