Lucene search
K

186 matches found

Rockylinux
Rockylinux
added 2025/03/17 8:16 p.m.15 views

cyrus-imapd security update

An update is available for cyrus-imapd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cyrus-imapd packages contain a high-performance mail server with IMAP...

6.5CVSS6.7AI score0.00836EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/03/07 12:0 a.m.11 views

CVE-2025-27796

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob...

9.8CVSS5.1AI score0.00356EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/02/26 2:13 a.m.9 views

CVE-2022-49453

In the Linux kernel, the following vulnerability has been resolved: soc: ti: tiscipmdomains: Check for null return of devmkcalloc The allocation funciton devmkcalloc may fail and return a null pointer, which would cause a null-pointer dereference later. It might be better to check it and directly...

5.5CVSS5.5AI score0.00245EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/02/13 5:49 a.m.5 views

CVE-2025-1059

CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device...

8.7CVSS7.1AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:42 p.m.7 views

CVE-2022-36078

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

8.8CVSS6.8AI score0.00941EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 12:31 p.m.12 views

CVE-2024-43410

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...

7.5CVSS6.7AI score0.00912EPSS
Exploits1References1
CVE
CVE
added 2025/01/27 11:11 a.m.59 views

CVE-2025-0695

CVE-2025-0695 affects Cesanta Frozen library prior to version 1.7. The vulnerability is an unbounded Allocation of Resources Without Limits or Throttling, allowing an attacker to crash the component embedding the library by supplying malicious JSON input. Affected scope is Cesanta Frozen versions

5.3CVSS6.8AI score0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/27 11:11 a.m.7 views

CVE-2025-0695

An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...

5.3CVSS5.2AI score0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/14 2:9 p.m.16 views

CVE-2024-46666

An allocation of resources without limits or throttling CWE-770 vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests...

5.3CVSS5.4AI score0.00668EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/14 2:8 p.m.11 views

CVE-2024-46668

An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple...

7.5CVSS7.6AI score0.00961EPSS
Exploits0References1
CVE
CVE
added 2024/12/11 6:51 p.m.122 views

CVE-2024-47537

CVE-2024-47537 affects GStreamer, specifically gstreamer1-plugins-good. The issue arises in the isomp4/qtdemux.c path where the program reallocates stream->samples to hold stream->n_samples + samples_count, with samples_count read from input. If samples_count is large, an integer overflow c...

9.8CVSS6.6AI score0.00956EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.3 views

PT-2024-10475 · Gstreamer +10 · Gstreamer +10

Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an integer overflow in the memory reallocation process. The program attempts to reallocate memory to accommodate a certain number of elements, but if the value read from...

10CVSS6.8AI score0.01344EPSS
Exploits1References249
Cvelist
Cvelist
added 2024/12/04 2:20 p.m.44 views

CVE-2024-53126 vdpa: solidrun: Fix UB bug with devres

In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnetopenpfbar and snetopenvfbar a string later passed to pcimiomapregions is placed on the stack. Neither pcimiomapregions nor the functions it calls copy that string. Should the string...

0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.7 views

FreeBSD 安全漏洞

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from allowing a caller to specify an arbitrary size passed to the kernel memory allocator...

5.3CVSS6.6AI score0.00434EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/18 7:12 a.m.29 views

CVE-2024-46790 codetag: debug: mark codetags for poisoned page as empty

In the Linux kernel, the following vulnerability has been resolved: codetag: debug: mark codetags for poisoned page as empty When PGhwpoison pages are freed they are treated differently in freepagesprepare and instead of being released they are isolated. Page allocation tag counters are decrement...

0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/21 3:9 p.m.18 views

CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...

7.5CVSS6.8AI score0.00912EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/08/08 4:44 a.m.9 views

kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()

A vulnerability was found in the ext4mbfindbygoal function in the Linux kernel. This issue could lead to memory corruption or crashes due to the allocation of blocks from a group with a corrupted block bitmap...

5.5CVSS7.2AI score0.00255EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/07/01 8:35 p.m.28 views

Potential memory exhaustion attack due to sparse slice deserialization

Details Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...

7.5CVSS7.2AI score0.01105EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/07/01 6:27 p.m.32 views

CVE-2024-37298 Potential memory exhaustion attack due to sparse slice deserialization

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...

7.5CVSS0.01105EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/17 12:15 p.m.45 views

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

5.5CVSS6.2AI score0.00244EPSS
Exploits0References22
Rows per page
Query Builder