43 matches found
Amazon Linux AMI : libsoup (ALAS-2025-1979)
The version of libsoup installed on the remote host is prior to 2.28.2-5.9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1979 advisory. A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out- of-bound read. This...
Linux Distros Unpatched Vulnerability : CVE-2023-29408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms o...
AZL-57437 CVE-2025-22869 affecting package cert-manager for versions less than 1.11.2-20
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
Nginx has been updated to the latest stable release to fix CVE
CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
CVE-2024-32663
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
CVE-2024-23836
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extrem...
CVE-2023-6117
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...
PT-2023-16231 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 23.4.12528.1 Description: The issue allows user-controlled operations to cause Denial of Service due to uncontrolled memory consumption. Recommendations: For versions prior to 23.4.12528.1, update to version...
CVE-2023-26470
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...
PT-2023-20216 · Unknown · Notation-Go
Name of the Vulnerable Software and Affected Versions: notation-go versions prior to 1.0.0-rc.3 Description: The issue causes excessive memory consumption when verifying signatures, leading to application crashes and impacting availability. Users can review their trust policy file for the identit...
SUSE CVE-2006-1862
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service panic by running lsof a large number of times in a way that produces a heavy system load...
CVE-2022-42318
Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
PT-2022-19454
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description The implementation of tf.ragged.constant does not fully validate the input arguments,...
CVE-2021-3912
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory and thus crash...
VerneMQ MQTT Broker 安全漏洞
MQTT Message Queuing Telemetry Transport is an ISO standard ISO/IEC PRF 20922 based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...
What is Ping of Death Assault?
Ping of death is a strategy for DoS Denial of Service assault. It’s an attack-type that objectifies the ICMP Internet Control Message Protocol and the TCP Transmission Control Protocol, and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...
RUSTSEC-2021-0041 Denial of service through parsing payloads with too big exponent
The parseduration::parse function allows for parsing duration strings with exponents like 5e5s where under the hood, the BigInt type along with the pow function are used for such payloads. Passing an arbitrarily big exponent makes the parseduration::parse function to process the payload for a ver...
Denial Of Service (DoS)
OpenSSL is vulnerable to Denial Of Service DoS. A malicious user can send multiple large OCSP Status Request extension to the server. causing it to run out of memory and crash...
Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20131121)
An integer overflow flaw was found in the way Samba handled an Extended Attribute EA list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. CVE-2013-412...