File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " Linux syslogd 在处理大量网络连接时存在拒绝服务漏洞。远程攻击者可向 syslogd 服务发送大量连接请求,导致服务资源耗尽而崩溃,无法正常记录系统日志。受影响的系统包括 Caldera OpenLinux 和 Red Hat Linux 等发行版。"
3+ published = " 1999-11-18T00:00:00Z"
4+ remediation = " 升级 Caldera OpenLinux 或 Red Hat Linux 到包含 syslogd 补丁的最新版本。限制对 syslogd 服务端口(514/UDP)的网络访问,通过防火墙规则仅允许可信来源的连接请求,避免暴露服务到不可信网络。"
5+ score = 5.0
6+ severity = " MEDIUM"
7+ sources = [" redhat" ]
8+ title = " Linux syslogd 远程拒绝服务漏洞"
9+ updated = " 2026-06-16T00:00:00Z"
10+
11+ [exploit ]
12+ exp_urls = []
13+ poc_urls = []
14+
15+ [id ]
16+ aliases = [" CVE-1999-0831" ]
17+ ave_id = " AVE-1999-0215"
18+ cve_id = " CVE-1999-0831"
19+
20+ [meta ]
21+ collected_at = " 2026-07-11T00:00:00Z"
22+ status = " completed"
23+
24+ [references ]
25+ urls = [
26+ " https://nvd.nist.gov/vuln/detail/CVE-1999-0831" ,
27+ " https://access.redhat.com/security/cve/CVE-1999-0831" ,
28+ " http://www.securityfocus.com/bid/809" ,
29+ ]
Original file line number Diff line number Diff line change 1+ [id ]
2+ ave_id = " AVE-2026-0054"
3+ cve_id = " CVE-2026-49476"
4+ aliases = [" GHSA-2wc2-fm75-p42x" ]
5+
6+ [basic ]
7+ title = " Soup Sieve CSS 选择器解析器内存耗尽漏洞"
8+ description = " soupsieve(Beautiful Soup 4 的 CSS 选择器引擎)中的 CSS 选择器解析器在编译大型逗号分隔选择器列表时分配无界内存。攻击者可向 soupsieve.compile() 或 Beautiful Soup 的 .select()/.select_one() 提供特制的 CSS 选择器字符串,导致应用程序从约 500 KB 的输入分配约 244 MB 的堆内存(放大比约 488 倍),从而引发内存耗尽和拒绝服务。无需认证或用户交互即可发起攻击,并发请求会倍增影响。soupsieve 是 beautifulsoup4 的自动依赖项,下游影响广泛。"
9+ severity = " HIGH"
10+ score = 7.5
11+ cvss_v3 = " CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
12+ remediation = " 升级 soupsieve 至 2.8.4 或更高版本。临时缓解措施:避免将用户输入的 CSS 选择器直接传递给 soupsieve.compile() 或 Beautiful Soup 的 .select()/.select_one() 方法,并对选择器字符串长度和逗号分隔项数量实施严格限制。"
13+ published = " 2026-06-01"
14+ updated = " 2026-07-09"
15+ sources = [" ghsa" , " nvd" ]
16+
17+ [affected ]
18+ vendor = " facelessuser"
19+ product = " soupsieve"
20+
21+ [exploit ]
22+ poc_urls = [" https://github.com/advisories/GHSA-2wc2-fm75-p42x" ]
23+ exp_urls = []
24+
25+ [exploit .nuclei_templates ]
26+
27+ [references ]
28+ nvd = " https://nvd.nist.gov/vuln/detail/CVE-2026-49476"
29+ ghsa = " https://github.com/advisories/GHSA-2wc2-fm75-p42x"
30+ other = [" https://github.com/facelessuser/soupsieve" , " https://pypi.org/project/soupsieve/" ]
31+
32+ [meta ]
33+ collected_at = " 2026-07-11T12:00:00+00:00"
34+ status = " completed"
You can’t perform that action at this time.
0 commit comments