Lucene search

13 matches found

Snyk
added 2026/03/27 6:17 p.m. · 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

CVSS 8.7 · AI score 5.9 · EPSS 0.00023
Exploits 0 · References 2
Debian CVE
added 2025/10/07 2:30 p.m. · 2 views

CVE-2025-61770

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

CVSS 7.5 · AI score 5.9 · EPSS 0.00266
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-12493

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.00107
Exploits 1 · References 2
OSV
added 2024/07/11 5:15 p.m. · 1 view

CVE-2024-39551

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of...

CVSS 8.7 · AI score 5.8 · EPSS 0.0054
Exploits 0 · References 1
OSV
added 2024/07/11 5:15 p.m. · 0 views

CVE-2024-39548

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be...

CVSS 7.1 · AI score 5.8 · EPSS 0.00461
Exploits 0 · References 1
Positive Technologies
added 2024/03/14 12:0 a.m. · 3 views

PT-2024-21782 · Ibm · Ibm Maximo Application Suite

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite version 7.6.1.3. Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory...

CVSS 8.2 · AI score 7.1 · EPSS 0.00026
Exploits 0 · References 7
Positive Technologies
added 2023/02/02 12:0 a.m. · 2 views

PT-2023-13602 · Ibm · Ibm Tivoli Workload Scheduler

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Workload Scheduler versions 9.4 through 10.1. Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume...

CVSS 9.1 · AI score 9 · EPSS 0.00477
Exploits 0 · References 4
CNVD
added 2022/01/10 12:0 a.m. · 19 views

Insyde InsydeH2O has an unspecified vulnerability

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS (Basic Input/Output System). The vulnerability stems from a lack of shared memory monitoring of SMI handles. No detailed vulnerability...

CVSS 9.8 · AI score 2.4 · EPSS 0.01216
Exploits 0 · References 1
Positive Technologies
added 2021/09/09 12:0 a.m. · 5 views

PT-2021-7976 · Netty +5 · Netty +5

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.67.Final. Description: The Snappy frame decoder function does not restrict the chunk length, which may lead to excessive memory usage. Additionally, it may buffer reserved skippable chunks until the whole chunk is...

CVSS 7.8 · AI score 6.7 · EPSS 0.944
Exploits 25 · References 391
Citrix
added 2021/02/21 12:0 a.m. · 4 views

Citrix Data Collection Tool - CDC

Pre-requisites: PowerShell 4.0 and above; .NET 4.0 and above; Media FrameWork 5.0 and above; PowerShell Execution policy set to RemoteSigned/Unrestricted/ByPass; Task Scheduler should be enabled for the creation of tasks to be executed when triggers are defined; Administrator privileges. Please note: Y...

AI score 6.5
Exploits 0
OSV
added 2021/01/15 6:15 p.m. · 0 views

CVE-2021-0215

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 1
Talos Blog
added 2018/04/13 7:0 a.m. · 22 views

Malware monitor - leveraging PyREBox for malware analysis

This post was authored by Xabier Ugarte Pedrero. In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...

AI score 0.3
Exploits 0
Drupal
added 2011/02/02 12:0 a.m. · 11 views

SA-CONTRIB-2011-009 - Droptor - SQL Injection

The Droptor module connects a Drupal site to Droptor.com, a Drupal monitoring and management solution. When capturing memory logging information the module does not filter the value input from the current page request variable. This vulnerability can be exploited to perform an SQL Injection attac...

AI score 7.9
Exploits 0 · References 9