Remote Rowhammer Attack Using Adversarial Observations on Federated Learning Clients

Federated Learning FL has the potential for simultaneous global learning amongst a large number of parallel agents, enabling emerging AI such as LLMs to be trained across demographically diverse data. Central to this being efficient is the ability for FL to perform sparse gradient updates and...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32052: Fixed heap buffer overflow in sniffunknown bsc1240756...

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)

Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server...

Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

Summary When validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. Details The root cause comes from the ZipFileBodyDecoder, which is registere...

Linux Distros Unpatched Vulnerability : CVE-2024-42333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c...

Linux Distros Unpatched Vulnerability : CVE-2015-5288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows...

Advisory ROSA-SA-2025-2734

SOFTWARE: 389-ds-base 1.4.3.23. OS: ROSA Virtualization 3.0 packageevrstring: 389-ds-base-1.4.3.23-14.rv30 CVE-ID: CVE-2021-4091 BDU-ID: 2022-05559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the 389 Directory Server's implementation of the 389 Directory Server lookup function is related to the...

CVE-2025-27100

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

lakeFS allows an authenticated user to cause a crash by exhausting server memory

Impact An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches This problem has been patched and exists in versions 1.49.1 and below Workarounds On S3 backends, configure yaml ... blockstore: s3: disablepresignedmultipart: true...

GHSA-J7JW-28JM-WHR6 lakeFS allows an authenticated user to cause a crash by exhausting server memory

Impact An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches This problem has been patched and exists in versions 1.49.1 and below Workarounds On S3 backends, configure yaml ... blockstore: s3: disablepresignedmultipart: true...

CVE-2025-27100

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

CVE-2025-27100

lakeFS is affected by an authenticated denial-of-service vulnerability (CVE-2025-27100) where an authenticated user can crash the server by exhausting memory. This affects 1.49.1 and earlier; a fix is available in 1.50.0. Remediation: upgrade to 1.50.0 or later. If upgrading is not possible, appl...

CVE-2025-27100 An authenticated user can crash lakeFS by exhausting server memory

lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...

CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper...

CVE-2021-22484

Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory OOM...

PT-2024-10878 · Huawei · Huawei Wearables

Name of the Vulnerable Software and Affected Versions: Huawei wearables affected versions not specified Description: The issue is related to the failure of verifying the actual data size when reading data. Successful exploitation may cause a server out of memory OOM. Recommendations: At the momen...