1889 matches found
USN-7637-1 jpeg-xl vulnerabilities
It was discovered that libjxl did not perform proper bounds checking when parsing Exif tags. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service. (CVE-2023-0645) It was discovered that libjxl did not perform proper bounds checking when decoding...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Transfer-Encoding: chunked process. An attacker can exhaust server memory resources by sending specially crafted HTTP requests with chunked transfer encoding or without a...
PT-2025-29086 · Open Information Security Foundation +1 · Suricata +1
Name of the Vulnerable Software and Affected Versions: Suricata versions 7.0.10 and below; Suricata versions 8.0.0-beta1 through 8.0.0-rc1. Description: Suricata, a network IDS, IPS, and NSM engine, is affected by an issue where mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory...
CVE-2025-6712
MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...
UBUNTU-CVE-2025-6712
MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...
MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation
MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...
[SECURITY] [DSA 5958-1] jpeg-xl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5958-1 [email protected] https://www.debian.org/security/ Aron Xu July 04, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
Debian dsa-5958 : jpeg-xl-doc - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5958 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5958-1 [email protected] https://www.debian.org/securit...
ROS-20250703-07
A vulnerability in the DevTools component of the Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the libvpx library of the Google Chrome and Microsoft Edge...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the process handling HTTP header fields. An attacker can cause excessive memory consumption and potentially crash or render the server unresponsive by sending a large number of HTTP headers. Details: Denial of...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small number of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
A flaw was found in Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...
ROS-20250624-10
A vulnerability in the native code library for parsing and linearization of PGF LIBPGF grammars is related to use of memory after release (use after free) in Decoder.cpp. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges on the system...
Security update for ignition
This update for ignition fixes the following issues: CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 bsc1239192. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate ...
Apache Tomcat 11.0.0-M1 < 11.0.8 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...
Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...
Apache Tomcat 10.1.0-M1 < 10.1.42 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...