17 matches found
Missing Release of Memory after Effective Lifetime
Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the DelegatingDecompressorFrameListener function...
GHSA-XVFQ-4Q6Q-GXX7 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...
CVE-2026-41726
When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...
VMware Spring for Apache Kafka 安全漏洞
VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier of VMware Spring for Apache Kafka. The...
CVE-2026-41726
In Spring for Apache Kafka, CVE-2026-41726 arises when an application uses the DelegatingDeserializer and an attacker can send records with unique, random spring.kafka.serialization.selector header values. This can cause the consumer’s heap to grow without bound, leading to garbage-collection thr...
CVE-2026-41726 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...
CVE-2026-41726 In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...
PT-2026-48322
Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...
CVE-2024-43868
In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscvkernelentry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the...
CVE-2024-43868 riscv/purgatory: align riscv_kernel_entry
In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscvkernelentry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the...
CVE-2024-43868 riscv/purgatory: align riscv_kernel_entry
In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscvkernelentry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the...
How to Grant Rights to be able to Manage Computer Accounts using the Provisioning Services Console
This article describes how to delegate rights to the user or group to allow adding workstations to an Active Directory ADdomain using the Provisioning Server console. Background While it is possible to assign AD users or groups to Built-In groups within AD to enable this functionality such as...
CVE-2024-32873
CVE-2024-32873 affects Evmos (EVM Hub on Cosmos). The issue: spendable balance is not updated during delegation from clawback vesting accounts, enabling anticipation of unvested tokens release. Root cause involves vesting/delegation logic and vesting/account handling; multiple connected reports d...
CVE-2024-32873 evmos allows transferring unvested tokens after delegations
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0...
delegated value can go to negative value during subtracting with amount. This will cause issue when delegating amount again.
Lines of code Vulnerability details Impact re-delegating / delegating again could not get actual delegated value. Proof of Concept Tools Used Manual code review. VS code Recommended Mitigation Steps update delegated value to zero when it goes to negative value ifdelegated 0 delegated = 0; --- The...
Mozilla Thunderbird < 78.14
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-42 advisory. - Mozilla developers Tyson Smith and Gabriele Svelto reported memory safety bugs present in Thunderbird...
Using the Manager Attribute in Active Directory (AD) for Password Resets
Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have ...