
799 matches found

Redos
added 2024/08/16 12:0 a.m. · 149 views

ROS-20240816-13

A vulnerability in the ASN1 parser function GTime2str of the libcurl library is related to reading outside of memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 6.5 · AI score 6.6 · EPSS 0.16212
Exploits: 1

CVE
added 2024/08/14 2:32 p.m. · 92 views

CVE-2024-41727

CVE-2024-41727 affects BIG-IP TMM on BIG-IP devices (and BIG-IP VE with Intel E810 SR-IOV NIC) where undisclosed traffic can cause memory resource utilization to spike, degrading performance or causing DoS. Public details specify the vulnerable components as the Traffic Management Microkernel (TM...

CVSS 8.7 · AI score 7.6 · EPSS 0.00481
Exploits: 0 · References: 1 · Affected Software: 21

OSV
added 2024/08/07 3:15 p.m. · 1 view

DEBIAN-CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent...

CVSS 7.5 · AI score 6.9 · EPSS 0.012
Exploits: 0 · References: 1

OSV
added 2024/08/06 12:15 a.m. · 15 views

CVE-2024-7541

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVSS 3.3 · AI score 6.5
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/06 12:0 a.m. · 8 views

PT-2024-32255

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the usbnet: ipheth section in the Linux kernel, where RX callbacks can fail due to multiple reasons such as payload being too short, payload formatted incorrectly...

CVSS 5.5 · AI score 5.5 · EPSS 0.00204
Exploits: 0

OSV
added 2024/08/02 11:8 a.m. · 4 views

OESA-2024-1917 avro security update

Apache Avro is a data serialization system. Security Fixes: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up...

CVSS 7.5 · AI score 6.9 · EPSS 0.01772
Exploits: 0 · References: 2

Amazon
added 2024/07/22 12:0 a.m. · 3 views

Medium: wireshark

Issue Overview: Memory handling issue in editcap could cause denial of service via crafted capture file (CVE-2024-4853). MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture fil...

CVSS 7.5 · AI score 7.2 · EPSS 0.01739
Exploits: 3

Citrix
added 2024/07/14 12:0 a.m. · 10 views

Netscaler Troubleshooting (Tools, Logs, Performance)

Introduction: This article provides a list of Knowledge Base resources on how to troubleshoot, set up and diagnose the most common issues based on memory, CPU, license. Overview of the Issue: The list of articles below will provide you an outline of logs which will help you to easily identify a possible CPU...

AI score 7
Exploits: 0

AlpineLinux
added 2024/07/11 2:50 p.m. · 29 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 · AI score 7.6 · EPSS 0.01172
Exploits: 0

Vulnrichment
added 2024/07/11 2:50 p.m. · 21 views

CVE-2024-38535 Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 · AI score 6.9 · EPSS 0.01172
Exploits: 0 · References: 6

RedHat Linux
added 2024/07/11 12:1 p.m. · 5 views

Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13

The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

CVSS 7.5 · AI score 7.5 · EPSS 0.0054
Exploits: 0 · References: 6

OSV
added 2024/07/10 5:51 a.m. · 4 views

USN-6890-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-6601, CVE-2024-6604,...

CVSS 9.8 · AI score 7.1 · EPSS 0.00977
Exploits: 1 · References: 15

OSV
added 2024/07/10 12:0 a.m. · 2 views

UBUNTU-CVE-2024-6609

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...

CVSS 8.8 · AI score 7.3 · EPSS 0.00576
Exploits: 0 · References: 6

Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-5451 · Microsoft · Sql Server Native Client Ole Db Provider

Name of the Vulnerable Software and Affected Versions: SQL Server Native Client OLE DB Provider affected versions not specified Description: The issue is related to a memory usage problem after memory has been freed, which can be exploited by a remote attacker to execute arbitrary code...

CVSS 10 · AI score 7.3 · EPSS 0.01624
Exploits: 0 · References: 9

Microsoft CVE
added 2024/06/30 7:0 a.m. · 3 views

CVE-2022-1941

...

CVSS 7.5 · AI score 6.9 · EPSS 0.01151
Exploits: 0

Github Security Blog
added 2024/06/04 5:53 p.m. · 36 views

Directus is soft-locked by providing a string value to random string util

Describe the Bug: Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions...

CVSS 7.5 · AI score 6.7 · EPSS 0.0062
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/06/04 12:0 a.m. · 3 views

PT-2024-25822 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: The issue is related to an out-of-memory (OOM) vector exposed by Envoy, a cloud-native, open source edge and service proxy. This occurs because the async HTTP client buffers the response with a...

CVSS 6.5 · AI score 8.1 · EPSS 0.00467
Exploits: 1 · References: 8

NVD
added 2024/06/03 3:15 p.m. · 21 views

CVE-2024-36128

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of...

CVSS 7.5 · AI score 7.5 · EPSS 0.0062
Exploits: 1 · References: 2

Cvelist
added 2024/06/03 2:59 p.m. · 30 views

CVE-2024-36128 Directus is soft-locked by providing a string value to random string util

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of...

CVSS 7.5 · AI score 7.5 · EPSS 0.0062
Exploits: 1 · References: 2

CVE
added 2024/05/24 3:1 p.m. · 75 views

CVE-2021-47508

CVE-2021-47508 affects the Linux kernel’s btrfs code path. The issue is a memory leak: when qgroup/data reservation fails in btrfs_check_data_free_space() or btrfs_delalloc_reserve_space(), the allocated extent_changeset is not freed. This occurs specifically in the direct IO write path (and rela...

CVSS 5.5 · AI score 6.8 · EPSS 0.00205
Exploits: 0 · References: 2 · Affected Software: 1