
1889 matches found

OSV
added 2025/08/01 5:15 p.m. | 2 views

DEBIAN-CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 | AI score 5.3 | EPSS 0.00242
Exploits 1 | References 1
OSV
added 2025/08/01 5:15 p.m. | 1 view

UBUNTU-CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 | AI score 5.8 | EPSS 0.00242
Exploits 1 | References 5
AlpineLinux
added 2025/08/01 4:32 p.m. | 5 views

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 | AI score 7.2 | EPSS 0.00242
Exploits 1
SUSE Linux
added 2025/07/30 9:22 a.m. | 5 views

Security update for ignition

This update for ignition fixes the following issues: CVE-2025-22870: golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238681). CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239192). Patch Instructions: To install this...

CVSS 8.7 | AI score 6.5 | EPSS 0.00804
Exploits 2 | References 8
RedhatCVE
added 2025/07/29 10:34 a.m. | 8 views

CVE-2025-8104

The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin function. This makes it possible for unauthenticated attackers to silently install one of the several...

CVSS 4.3 | AI score 6 | EPSS 0.00168
Exploits 0 | References 1
SUSE CVE
added 2025/07/28 11:29 p.m. | 1 view

SUSE CVE-2025-29917

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...

CVSS 5.5 | AI score 6.8 | EPSS 0.0022
Exploits 0 | References 2
NVD
added 2025/07/27 5:15 a.m. | 3 views

CVE-2025-8104

The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin function. This makes it possible for unauthenticated attackers to silently install one of the several...

CVSS 4.3 | EPSS 0.00168
Exploits 0 | References 4
Vulnrichment
added 2025/07/27 4:23 a.m. | 2 views

CVE-2025-8104 Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function

The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin function. This makes it possible for unauthenticated attackers to silently install one of the several...

CVSS 4.3 | AI score 6 | EPSS 0.00168
Exploits 0 | References 4
Cvelist
added 2025/07/27 4:23 a.m. | 8 views

CVE-2025-8104 Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function

The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin function. This makes it possible for unauthenticated attackers to silently install one of the several...

CVSS 4.3 | EPSS 0.00168
Exploits 0 | References 4
CNNVD
added 2025/07/27 12:0 a.m. | 2 views

WordPress plugin Memory Usage cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 | AI score 6.4 | EPSS 0.00168
Exploits 0 | References 5
Positive Technologies
added 2025/07/27 12:0 a.m. | 4 views

PT-2025-30994 · WordPress · Memory Usage

Name of the Vulnerable Software and Affected Versions: Memory Usage plugin for WordPress versions prior to 3.99. Description: The Memory Usage plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing nonce validation in the wpmemory_install_plugin function. This allows...

CVSS 4.3 | AI score 6.3 | EPSS 0.00168
Exploits 0 | References 7
IBM Security Bulletins
added 2025/07/24 6:48 a.m. | 7 views

Security Bulletin: Erlang/OTP Vulnerability in KEX Init Handling May Lead to High Memory Usage

Summary: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters...

CVSS 7.5 | AI score 6.9 | EPSS 0.00402
Exploits 0 | Affected Software 1
NVD
added 2025/07/22 10:15 p.m. | 8 views

CVE-2025-53538

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

CVSS 7.5 | EPSS 0.00414
Exploits 0 | References 3
Vulnrichment
added 2025/07/22 9:36 p.m. | 4 views

CVE-2025-53538 Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

CVSS 7.5 | AI score 6.2 | EPSS 0.00414
Exploits 0 | References 3
CVE
added 2025/07/22 9:36 p.m. | 46 views

CVE-2025-53538

CVE-2025-53538 affects Suricata (IDS/IPS/NSM engine by OISF) in versions 7.0.10 and earlier and 8.0.0-beta1 through 8.0.0-rc1. The root cause is mishandling of data on HTTP/2 stream 0, causing uncontrolled memory usage and loss of visibility. The issue scores as CVSS v3.1/7.5 (HIGH) with NETWORK ...

CVSS 7.5 | AI score 7 | EPSS 0.00414
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/07/22 9:36 p.m. | 4 views

CVE-2025-53538 Suricata's mishandling of data on HTTP2 stream 0 can lead to resource starvation

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

CVSS 7.5 | AI score 6.4 | EPSS 0.00414
Exploits 0 | References 5
CNNVD
added 2025/07/22 12:0 a.m. | 2 views

Suricata security vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions 7.0.10 and earlier and 8.0.0-beta1 through 8.0.0-rc1, which stems from improper handling of HTTP2 stream 0 data and could lead to uncontrolled memory...

CVSS 7.5 | AI score 6.2 | EPSS 0.00414
Exploits 0 | References 6
OSV
added 2025/07/18 2:49 p.m. | 2 views

OESA-2025-1852 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...

CVSS 5.5 | AI score 7.2 | EPSS 0.0059
Exploits 1 | References 2
OSV
added 2025/07/16 6:15 p.m. | 2 views

CVE-2025-36097

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources...

CVSS 7.5 | AI score 5.9 | EPSS 0.00399
Exploits 0 | References 1
OSV
added 2025/07/15 3:31 p.m. | 2 views

GHSA-36WV-V2QP-V4G4 Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

CVSS 5.6 | AI score 6.7 | EPSS 0.00624
Exploits 0 | References 6