8 matches found
PT-2026-37149
Name of the Vulnerable Software and Affected Versions: Incus versions prior to 7.0.0. Description: Authenticated users can cause a denial of service by uploading large amounts of data, which may exhaust the disk space of the Incus server and potentially crash the host system. This occurs because...
GHSA-8VQR-QJWX-82MW Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads
Summary: Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...
CVE-2026-34829
Rack is vulnerable to a Denial of Service caused by unbounded multipart file uploads when a request uses multipart/form-data without a Content-Length header. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO if CONTENT_LENGTH exists; w...
CVE-2026-34829 Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...
[SECURITY] [DLA 4360-1] pure-ftpd security update
Debian LTS Advisory DLA-4360-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón November 03, 2025 https://wiki.debian.org/LTS Package : pure-ftpd Version : 1.0.49-4.1+deb11u1 CVE ID : CVE-2021-40524 Debian Bug : 993810 It was discovered that pure-ftpd, a secu...
Debian dla-4360 : pure-ftpd - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4360 advisory. Debian LTS Advisory DLA-4360-1 [email protected] https://www.debian.org/lts/security/...
tomcat: Apache Tomcat: DoS in examples web application
A flaw was found in the "examples" web application of Apache Tomcat. Numerous examples within that application did not place limits on uploaded data. This vulnerability can potentially trigger an out-of-memory (OOM) error, leading to a denial of service...
SUSE CVE-2021-40524
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. Versions 1.0.2...