
1885 matches found

CVE
added 2025/08/28 7:36 p.m. | 74 views

CVE-2025-6203

CVE-2025-6203 describes a Denial of Service in Vault triggered by a specially crafted large JSON payload that overconsumes memory and CPU, risking an auditing-subsystem timeout and Vault unresponsiveness. Connected sources (IBM, OSV entries, and HashiCorp advisories) confirm the issue, its associ...

CVSS 7.5 | AI score 6.2 | EPSS 0.00132
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/08/28 7:36 p.m. | 8 views

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

CVSS 7.5 | EPSS 0.00132
Exploits: 0 | References: 1
Positive Technologies
added 2025/08/28 12:0 a.m. | 4 views

PT-2025-35145

Name of the Vulnerable Software and Affected Versions: xz versions prior to 0.5.14. Description: The xz package contains a flaw where data can be prepended to an LZMA-encoded byte stream without detection during header reading. This can lead to excessive memory consumption due to the allocation of a...

CVSS 9.9 | AI score 7.6 | EPSS 0.50933
Exploits: 20 | References: 82
Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-14152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory...

CVSS 7.1 | AI score 6.9 | EPSS 0.01168
Exploits: 0 | References: 2
SUSE CVE
added 2025/08/26 11:23 p.m. | 1 views

SUSE CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

CVSS 8.6 | AI score 7 | EPSS 0.00508
Exploits: 2 | References: 3
Tenable Nessus
added 2025/08/21 12:0 a.m. | 6 views

TencentOS Server 4: suricata (TSSA-2025:0649)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0649 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 5.6 | EPSS 0.00416
Exploits: 0 | References: 2
Github Security Blog
added 2025/08/20 3:31 p.m. | 5 views

CRI-O has Potential High Memory Consumption from File Read

There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...

CVSS 5.7 | AI score 7 | EPSS 0.00069
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-23969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...

CVSS 7.5 | AI score 6.8 | EPSS 0.05085
Exploits: 0 | References: 2
Veracode
added 2025/08/18 8:34 a.m. | 4 views

Denial Of Service (DoS)

OpenEXR is vulnerable to denial of service (DoS). The vulnerability is due to improper input validation due to trusting unvalidated dataWindow size values from file headers, leading to excessive memory allocation and performance degradation...

CVSS 5.5 | AI score 5.9 | EPSS 0.00133
Exploits: 1 | References: 4 | Affected Software: 1
RedHat Linux
added 2025/08/12 8:24 p.m. | 4 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

CVSS 7.5 | AI score 5.7 | EPSS 0.0107
Exploits: 1 | References: 8
RedHat Linux
added 2025/08/12 3:30 p.m. | 5 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

CVSS 7.5 | AI score 5.7 | EPSS 0.0107
Exploits: 1 | References: 8
RedHat Linux
added 2025/08/12 1:14 a.m. | 4 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

CVSS 7.5 | AI score 5.7 | EPSS 0.0107
Exploits: 1 | References: 8
CNVD
added 2025/08/11 12:0 a.m. | 3 views

OpenEXR has an unspecified vulnerability (CNVD-2025-24796)

OpenEXR is an open standard for high dynamic range image (HDR) file formats. A security vulnerability exists in OpenEXR version 3.3.2, which can be exploited by attackers to cause excessive memory allocation and performance degradation when processing malicious files...

CVSS 5.5 | AI score 6.8 | EPSS 0.00133
Exploits: 1 | References: 1
Tenable Nessus
added 2025/08/07 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-53538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and belo...

CVSS 7.5 | AI score 5.8 | EPSS 0.00416
Exploits: 0 | References: 3
Redos
added 2025/08/06 12:0 a.m. | 4 views

ROS-20250806-08

A vulnerability in the MongoDB database management system server is related to excessive iteration. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The MongoDB database management system vulnerability is related to the fact that the software stor...

CVSS 8.8 | AI score 8 | EPSS 0.0043
Exploits: 0
RedHat Linux
added 2025/08/05 5:10 a.m. | 5 views

mod_security: ModSecurity Denial of Service Vulnerability

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...

CVSS 7.5 | AI score 5.7 | EPSS 0.0107
Exploits: 1 | References: 8
OSV
added 2025/08/01 5:15 p.m. | 1 views

DEBIAN-CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 | AI score 5.3 | EPSS 0.00133
Exploits: 1 | References: 1
OSV
added 2025/08/01 5:15 p.m. | 1 views

UBUNTU-CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 | AI score 5.8 | EPSS 0.00133
Exploits: 1 | References: 5
AlpineLinux
added 2025/08/01 4:32 p.m. | 4 views

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

CVSS 5.5 | AI score 7.2 | EPSS 0.00133
Exploits: 1
SUSE Linux
added 2025/07/30 9:22 a.m. | 5 views

Security update for ignition

This update for ignition fixes the following issues: CVE-2025-22870: golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238681); CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239192). Patch Instructions: To install this...

CVSS 8.7 | AI score 6.5 | EPSS 0.00125
Exploits: 2 | References: 8