14 matches found
PT-2026-35979
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIX INFORMATION option that is small...
CVE-2022-31121
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
EUVD-2023-43077
Malicious code in bioql PyPI...
Amazon Linux 2 : libvpx (ALAS-2025-2960)
The version of libvpx installed on the remote host is prior to 1.9.0-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2960 advisory. VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. CVE-2023-44488 A heap overflow...
CVE-2025-47944 Multer vulnerable to Denial of Service from maliciously crafted requests
Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. This request causes an unhandled...
CVE-2022-47673 affecting package crash for versions less than 8.0.1-4
CVE-2022-47673 affecting package crash for versions less than 8.0.1-4. An upgraded version of the package is available that resolves this issue...
CVE-2025-30195 A crafted zone can lead to an illegal memory access in the PowerDNS Recursor
An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodym...
CVE-2024-51491
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go...
CVE-2022-23496 A crafted list can trigger a ArrayIndexOutOfBoundsException in Yauaa
Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...
Incredimail Malformed MIME Message DoS Vulnerability
Incredimail is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 651-1] New squid packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 651-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq -...
[ GLSA 200406-19 ] giFT-FastTrack: remote denial of service attack
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200406-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
OpenLDAP DoS Vulnerability
Background OpenLDAP is a suite of LDAP-related application and development tools. It includes slapd the standalone LDAP server, slurpd the standalone LDAP replication server, and various LDAP libraries, utilities and example clients. Description A password extended operation password EXOP which...
bftpd NLST Command Output Format String
The remote FTP server, which appears to be Bftpd, has a format string vulnerability in the NLST command. A remote attacker could use this to crash the service, or possibly execute arbitrary code. C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderso...