HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to gen…

rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC throug…

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit passwo…

Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers…

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong p…

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via …

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Po…

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) al…

Jetty is a java based web server and servlet engine. In affected versions servlets with multipa…

DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone control…

WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a lo…

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed…

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Str…

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before…

GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFiel…

A malicious client can send many DNS messages over TCP, potentially causing the server to becom…

IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large vo…

When curl retrieves an HTTP response, it stores the incoming headers so that they can be access…

Spring WebFlux applications that have Spring Security authorization rules on static resources c…

Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaus…

Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk…

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps l…

Denial of Service vulnerabilities where found providing a potiential for device service disrupt…

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 h…

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java S…

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to…

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPad…

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any…

A flaw was found in Undertow where malformed client requests can trigger server-side stream res…

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Deni…

The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.1776…

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files create…

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resourc…

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of …

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of…

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buf…

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerabil…

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, co…

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issu…

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of…