Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) al…

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in …

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to gen…

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 lib…

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.…

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC throug…

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing th…

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers…

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerabil…

When curl retrieves an HTTP response, it stores the incoming headers so that they can be access…

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit passwo…

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.…

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issu…

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. T…

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accep…

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed…

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr…

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong p…

WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a lo…

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a…

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial…

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior t…

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can…

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Po…

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to c…

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a r…

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows …

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buff…

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly hand…

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in wh…

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 …

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in…

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to…

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via …

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Red…

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding i…

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcompone…

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (comp…

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote …

IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large vo…