CVE-2025-49763

A flaw was found in trafficserver. The Edge Side Includes ESI plugin lacks a limit on maximum inclusion depth, allowing a remote attacker to trigger excessive memory consumption by inserting malicious instructions. This condition occurs due to the plugin's inability to restrict the nesting of ESI...

CVE-2025-2240

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue. Mitigation Red Hat has...

CVE-2025-0633

A flaw was found in iniparser. This vulnerability allows an attacker to read out-of-bound memory via iniparserdumpsectionini. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use an...

CVE-2024-26999

In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 6.4.16 and fixes or adds mitigations for atleast the following security issues: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often...

CVE-2022-27672

A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. Mitigation The current mitigations for spectre V4 or spectrev2 should mitiga...

CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

Design/Logic Flaw

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

Health Record System 0.1 - Authentication Bypass

Exploit Title.............. Health Record System Auth Bypass Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10430 Software Link...