
1885 matches found

RedhatCVE
added 2025/12/03 1:24 p.m. | 4 views

CVE-2025-13837

A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00031
Exploits: 0 | References: 5
NVD
added 2025/11/26 12:15 a.m. | 4 views

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS: 8.7 | EPSS: 0.00076
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/25 12:0 a.m. | 2 views

RHEL 9 : expat (RHSA-2025:22034)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22034 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00803
Exploits: 1 | References: 6
NVD
added 2025/11/24 7:15 p.m. | 3 views

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

CVSS: 6.9 | EPSS: 0.00035
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/24 12:0 a.m. | 2 views

PT-2025-48100

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.4.0. Description: pypdf is a free and open-source pure-python PDF library. An attacker can create a malicious PDF file that causes excessive memory consumption, up to 1 GB per stream, when parsing the content stream of ...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00076
Exploits: 0 | References: 12
Debian CVE
added 2025/11/19 8:33 p.m. | 8 views

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00046
Exploits: 0
Fedora
added 2025/11/18 1:3 a.m. | 10 views

[SECURITY] Fedora 41 Update: fvwm3-1.1.4-1.fc41

Fvwm is a window manager for X11. It is designed to minimize memory consumption, provide a 3D look to window frames, and implement a virtual desktop...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00044
Exploits: 1
SUSE CVE
added 2025/11/14 12:24 a.m. | 1 views

SUSE CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

CVSS: 4.7 | AI score: 6.4 | EPSS: 0.00046
Exploits: 0 | References: 21
EUVD
added 2025/11/13 12:30 a.m. | 1 views

EUVD-2025-150395

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 7
NVD
added 2025/11/12 10:15 p.m. | 7 views

CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

EPSS: 0.00046
Exploits: 0 | References: 6
OSV
added 2025/11/12 10:15 p.m. | 3 views

DEBIAN-CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

AI score: 5.2 | EPSS: 0.00046
Exploits: 0 | References: 1
OSV
added 2025/11/12 10:15 p.m. | 4 views

UBUNTU-CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

AI score: 5.7 | EPSS: 0.00046
Exploits: 0 | References: 38
Cvelist
added 2025/11/12 9:56 p.m. | 7 views

CVE-2025-40179 ext4: verify orphan file size is not too big

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

EPSS: 0.00046
Exploits: 0 | References: 6
Debian CVE
added 2025/11/12 9:56 p.m. | 2 views

CVE-2025-40179

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

AI score: 5.2 | EPSS: 0.00046
Exploits: 0
CVE
added 2025/11/12 9:56 p.m. | 17 views

CVE-2025-40179

CVE-2025-40179 concerns the Linux kernel’s ext4 filesystem. The issue arises from how orphan files are replayed: an orphan file can be arbitrarily large, and replay requires traversing it and pinning its buffers in memory, which can lead to excessive memory consumption on filesystems with very la...

AI score: 5.9 | EPSS: 0.00046
Exploits: 0 | References: 6
OSV
added 2025/11/12 9:56 p.m. | 2 views

CVE-2025-40179 ext4: verify orphan file size is not too big

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...

AI score: 6.2 | EPSS: 0.00046
Exploits: 0 | References: 9
Snyk
added 2025/11/12 5:44 p.m. | 1 views

Denial of Service (DoS)

Overview: github.com/dvsekhvalnov/jose2go is a pure Golang (GO) library for generating, decoding and encrypting JSON Web Tokens. Zero dependency, relies only on standard library. Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of crafted JSON Web Encrypti...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.00029
Exploits: 1 | References: 2
RedHat Linux
added 2025/11/11 7:52 p.m. | 3 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00118
Exploits: 0 | References: 8
Veracode
added 2025/11/10 6:49 a.m. | 7 views

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing bypass. The vulnerability is due to Rack::QueryParser enforcing its params_limit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00228
Exploits: 0 | References: 4 | Affected Software: 2
Rosalinux
added 2025/11/09 1:37 p.m. | 3 views

Advisory ROSA-SA-2025-3048

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2016-3709 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.0025
Exploits: 13