799 matches found
ROS-20240816-13
Vulnerability in the ASN1 Parser function GTime2str of the libcurl library is related to reading outside of memory boundaries memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause an octasis in the maintenance...
CVE-2024-41727
CVE-2024-41727 affects BIG-IP TMM on BIG-IP devices (and BIG-IP VE with Intel E810 SR-IOV NIC) where undisclosed traffic can cause memory resource utilization to spike, degrading performance or causing DoS. Public details specify the vulnerable components as the Traffic Management Microkernel (TM...
DEBIAN-CVE-2024-41989
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...
CVE-2024-7541
oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
PT-2024-32255
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the usbnet: ipheth section in the Linux kernel, where RX callbacks can fail due to multiple reasons such as payload being too short, payload formatted incorrectly...
OESA-2024-1917 avro security update
Apache Avro is a data serialization system. Security Fixes: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up...
Medium: wireshark
Issue Overview: Memory handling issue in editcap could cause denial of service via crafted capture file CVE-2024-4853 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture fil...
Netscaler Troubleshooting (Tools, Logs, Performance)
Introduction This article provides a list of Knowledge Base resources on how to troubleshoot, setup and diagnose most common issues based on memory, CPU, license. Overview of the Issue Below list of articles will provide you an outline of logs which will help you to easily identify a possible CPU...
CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...
CVE-2024-38535 Suricata http2: oom from duplicate headers
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...
Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...
USN-6890-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-6601, CVE-2024-6604,...
UBUNTU-CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...
PT-2024-5451 · Microsoft · Sql Server Native Client Ole Db Provider
Name of the Vulnerable Software and Affected Versions: SQL Server Native Client OLE DB Provider affected versions not specified Description: The issue is related to a memory usage problem after memory has been freed, which can be exploited by a remote attacker to execute arbitrary code...
CVE-2022-1941
...
Directus is soft-locked by providing a string value to random string util
Describe the Bug Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions...
PT-2024-25822 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: The issue is related to an out-of-memory OOM vector exposed by Envoy, a cloud-native, open source edge and service proxy. This occurs because the async HTTP client buffers the response with a...
CVE-2024-36128
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of...
CVE-2024-36128 Directus is soft-locked by providing a string value to random string util
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of...
CVE-2021-47508
CVE-2021-47508 affects the Linux kernel’s btrfs code path. The issue is a memory leak: when qgroup/data reservation fails in btrfs_check_data_free_space() or btrfs_delalloc_reserve_space(), the allocated extent_changeset is not freed. This occurs specifically in the direct IO write path (and rela...