186 matches found
CVE-2026-28253
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition...
Allocation of Resources Without Limits or Throttling
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...
Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885)
Summary There is a vulnerability in bc-fips-1.0.2.5.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-8885. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling...
CVE-2025-57711 Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
PT-2026-7566
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
Qnap QTS and QuTS hero Allocation of Resources Without Limits or Throttling (CVE-2025-47208)
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...
RLSA-2026:0525 Moderate: postgresql16 security update
PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...
Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-03)
Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation ESA-2026-03 Allocation of Resources Without Limits or Throttling CWE-770 in Kibana Fleet can lead to Excessive Allocation CAPEC-130 via a specially crafted request. This causes the application to perfor...
Security update for cpp-httplib (important)
openSUSE Security Update: Security update for cpp-httplib Announcement ID: openSUSE-SU-2026:0007-1 Rating: important References: 1245414 1246468 1246471 Cross-References: CVE-2025-52887 CVE-2025-53628 CVE-2025-53629 CVSS scores: CVE-2025-52887 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
CVE-2021-27502
Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...
CVE-2021-27431
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc local malloc equivalent function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution...
Elastic Elasticsearch 安全漏洞
Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A security vulnerability exists in Elastic Elasticsearch that stems from an unrestricted resource allocation that could lead to a denial of service...
CVE-2025-66564
A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header...
Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)
Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...
mingw-expat security update
An update is available for mingw-expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. The mingw-expat packages...
Allocation of Resources Without Limits or Throttling
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to lack of note length validation. An attacker can cause permanent corruption of issue activity logs and disrupt collaboration by...
EUVD-2025-32887
The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service DoS. The...
EUVD-2017-11766
Malware in sbrugna...
EUVD-2018-20567
Malware in sbrugna...
EUVD-2018-13056
Malware in sbrugna...