17 matches found
EUVD-2026-31079
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
PT-2026-34224
Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A memory leak in the Policy Control Function PCF allows an unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth. By sending repeated HTTP...
Denial Of Service (DoS)
Next.js is vulnerable to a Denial of Service DoS vulnerability. The vulnerability is due to unbounded request body buffering and unbounded decompression in the Partial Prerendering PPR resume endpoint, which allows an attacker to send specially crafted unauthenticated POST requests or compressed...
EUVD-2018-1829
Malware in sbrugna...
CVE-2023-43810
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)
Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...
Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
Summary When validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. Details The root cause comes from the ZipFileBodyDecoder, which is registere...
CVE-2025-27100
lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...
CVE-2021-22484
Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory OOM...
Memory Leakage
aiohttp is vulnerable to Memory Leakage. The vulnerability is due to improper handling of MatchInfoError, where each error creates a unique cache entry, allowing an attacker to exhaust server memory with numerous requests...
CVE-2024-22393
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...
JSS: memory leak in TLS connection leads to OOM
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service...
dotnet: .NET Denial of Service Vulnerability
A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...
OpenTelemetry-Go Contrib Security Vulnerability
OpenTelemetry-Go Contrib is a collection of OpenTelemetry Go extensions open-sourced by OpenTelemetry. A security vulnerability exists in OpenTelemetry-Go Contrib that stems from a potential server memory exhaustion when a large number of malicious requests are sent to the server...
textpattern denial of service vulnerability
textpattern is an excellent blogging system. A security vulnerability exists in the Import XML feature in textpattern version 4.6.2. An attacker can exploit this vulnerability by uploading a specially crafted XML file to cause a denial of service exhaustion of server memory resources...
CVE-2018-6532
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted authenticated and unauthenticated requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer...
samba3 DoS attack
Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory...