Lucene search

1889 matches found

OpenVAS
added 2025/04/25 12:0 a.m. | 13 views

Erlang/OTP (Erlang OTP) DoS Vulnerability (Mar 2025) - Linux

Erlang/OTP (Erlang OTP) is prone to a denial of service (DoS) vulnerability in the SSH component...

CVSS 7.5 | AI score 7.4 | EPSS 0.00402
Exploits: 0 | References: 1
Veracode
added 2025/04/24 4:55 p.m. | 9 views

XML Entity Expansion (XEE)

org.apache.solr, solr-core is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to XML resource consumption caused by the use of XML DOCTYPE and ENTITY declarations, which allows an attacker to trigger excessive memory usage during XML parsing, leading to out-of-memory errors...

CVSS 7.5 | AI score 6.6 | EPSS 0.07505
Exploits: 1 | References: 13 | Affected Software: 1
Redos
added 2025/04/24 12:0 a.m. | 5 views

ROS-20250424-09

The vulnerability in the Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed (use after free). Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information...

CVSS 8.8 | AI score 6.3 | EPSS 0.00791
Exploits: 0
Redos
added 2025/04/24 12:0 a.m. | 26 views

ROS-20250424-04

The GPAC multimedia platform vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the function gf_m2ts_process_pmt of the GPAC multimedia platform is related to buffer copying without checkin...

CVSS 7.8 | AI score 7.2 | EPSS 0.00375
Exploits: 4
OpenVAS
added 2025/04/24 12:0 a.m. | 10 views

openSUSE Security Advisory (SUSE-SU-2025:1356-1)

The remote host is missing an update for the...

CVSS 10 | AI score 8.5 | EPSS 0.97673
Exploits: 36 | References: 7
Tenable Nessus
added 2025/04/23 12:0 a.m. | 8 views

SUSE SLES15 / openSUSE 15 Security Update : erlang26 (SUSE-SU-2025:1356-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1356-1 advisory.
- CVE-2025-30211: Fixed KEX init error results with excessive memory usage (bsc#1240390)
- CVE-2025-32433: Fixed...

CVSS 10 | AI score 8.8 | EPSS 0.97673
Exploits: 36 | References: 7
OSV
added 2025/04/22 9:29 a.m. | 9 views

SUSE-SU-2025:1356-1 Security update for erlang26

This update for erlang26 fixes the following issues:
- CVE-2025-30211: Fixed KEX init error results with excessive memory usage (bsc#1240390)
- CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH (bsc#1241300)...

CVSS 10 | AI score 8.3 | EPSS 0.97673
Exploits: 36 | References: 5
SUSE CVE
added 2025/04/16 2:35 a.m. | 1 views

SUSE CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 7.5 | AI score 6.6 | EPSS 0.00494
Exploits: 0 | References: 17
OSV
added 2025/04/14 2:15 p.m. | 11 views

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 | AI score 6 | EPSS 0.00494
Exploits: 0 | References: 8
OSV
added 2025/04/14 2:15 p.m. | 5 views

AZL-60426 CVE-2025-32907 affecting package libsoup for versions less than 3.4.4-7

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 | AI score 7.2 | EPSS 0.00494
Exploits: 0 | References: 1
OSV
added 2025/04/14 2:15 p.m. | 0 views

AZL-60429 CVE-2025-32907 affecting package libsoup for versions less than 3.0.4-7

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 | AI score 7.2 | EPSS 0.00494
Exploits: 0 | References: 1
OSV
added 2025/04/14 2:15 p.m. | 1 views

DEBIAN-CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 | AI score 6.4 | EPSS 0.00494
Exploits: 0 | References: 1
OSV
added 2025/04/14 2:15 p.m. | 0 views

UBUNTU-CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVSS 5.3 | AI score 7.1 | EPSS 0.00494
Exploits: 0 | References: 4
CVE
added 2025/04/14 2:0 p.m. | 180 views

CVE-2025-32907

CVE-2025-32907 concerns the libsoup HTTP range handling, enabling a resource consumption attack where a malicious client can request the same range multiple times in a single HTTP request, causing the server to allocate large memory. The primary affected component is libsoup, with multiple adviso...

CVSS 5.3 | AI score 6.1 | EPSS 0.00494
Exploits: 0 | References: 8
Tenable Nessus
added 2025/04/13 12:0 a.m. | 19 views

Azure Linux 3.0 Security Update: erlang (CVE-2025-30211)

The version of erlang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30211 advisory. - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.1...

CVSS 7.5 | AI score 7.2 | EPSS 0.00402
Exploits: 0 | References: 2
Debian CVE
added 2025/04/10 8:3 p.m. | 15 views

CVE-2025-29916

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the hashsize to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can...

CVSS 6.2 | AI score 7.1 | EPSS 0.0022
Exploits: 0
Tenable Nessus
added 2025/04/10 12:0 a.m. | 23 views

CBL Mariner 2.0 Security Update: erlang (CVE-2025-30211)

The version of erlang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30211 advisory. - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.1...

CVSS 7.5 | AI score 7.2 | EPSS 0.00402
Exploits: 0 | References: 2
RedhatCVE
added 2025/04/09 11:30 p.m. | 11 views

CVE-2025-32381

A flaw was found in Xgrammar. This vulnerability allows a denial of service (DoS) via unbounded memory usage when handling a large number of unique grammar inputs from untrusted sources. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00409
Exploits: 0 | References: 6
Microsoft CVE
added 2025/04/09 7:0 a.m. | 2 views

KEX init error results with excessive memory usage

...

CVSS 7.5 | AI score 7.2 | EPSS 0.00402
Exploits: 0
Tenable Nessus
added 2025/04/09 12:0 a.m. | 11 views

Azure Linux 3.0 Security Update: coredns / ig / keda (CVE-2025-29786)

The version of coredns / ig / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29786 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...

CVSS 7.5 | AI score 7.3 | EPSS 0.00582
Exploits: 0 | References: 2