Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Summary A Denial of Service DoS vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details The...

GHSA-7RQC-FF8M-7J23 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Summary A Denial of Service DoS vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details The...

EUVD-2025-32851

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

[SECURITY] Fedora 42 Update: perl-Plack-Middleware-Session-0.36-1.fc42

This is a Plack Middleware component for session management. By default it will use cookies to keep session state and store data in memory. This distribution also comes with other state and store solutions...

Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

Summary An attacker can exploit a chain of vulnerabilities, including a Denial of Service DoS flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of...

How to store ICA files of Citrix Workspace app for Windows in memory instead of the local disk

When launching a resource, an ICA file is generated containing instructions on how to access the resource. Older versions of Citrix Workspace app for Windows stored this to disk. As the ICA file can contain sensitive information such as the name of the server hosting the resources, it is preferab...