10 matches found
[SECURITY] Fedora 44 Update: varnish-8.0.2-1.fc44
This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don’t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up...
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Summary: A Denial of Service (DoS) vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details: The...
GHSA-7RQC-FF8M-7J23 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding
Summary: A Denial of Service (DoS) vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details: The...
CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request (hundreds of megabytes or...
EUVD-2025-32851
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request (hundreds of megabytes or...
[SECURITY] Fedora 42 Update: perl-Plack-Middleware-Session-0.36-1.fc42
This is a Plack Middleware component for session management. By default it will use cookies to keep session state and store data in memory. This distribution also comes with other state and store solutions...
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Summary: An attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of...
How to store ICA files of Citrix Workspace app for Windows in memory instead of the local disk
When launching a resource, an ICA file is generated containing instructions on how to access the resource. Older versions of Citrix Workspace app for Windows stored this to disk. As the ICA file can contain sensitive information such as the name of the server hosting the resources, it is preferab...
The vulnerability of the SecUsers.ini file of the controller display utility for OpenBSI allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SecUsers.ini file of the controller display utility related to OpenBSI involves storing confidential information in an unencrypted form in memory. Exploiting this vulnerability could allow a remote attacker to gain access to the user credentials...
The vulnerability of the software for configuring Schneider Electric Easergy Builder lies in the storage of confidential information in unencrypted form in memory, allowing an attacker to gain access to the account data.
The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to the storage of confidential information in unencrypted form in memory. Exploiting this vulnerability could allow an attacker to gain access to account data...