
CVSS: 3.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

09 Jun 2025 — This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. • https://access.redhat.com/security/cve/CVE-2025-5915 • CWE-122: Heap-based Buffer Overflow

CVSS: 8.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jun 2025 — Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. • https://github.com/discourse/discourse/security/advisories/GHSA-3q5q-qmrm-rvwx • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jun 2025 — A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster. • https://access.redhat.com/security/cve/CVE-2025-25208 • CWE-400: Uncontrolled Resource Consumption

CVSS: 5.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

09 Jun 2025 — The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. ... It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino, and as the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while processing the post-authorization callbacks. • https://access.redhat.com/security/cve/CVE-2025-25207 • CWE-400: Uncontrolled Resource Consumption

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-20: Improper Input Validation

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-20: Improper Input Validation

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through NULL pointer dereference. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-476: NULL Pointer Dereference

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through out-of-bounds read. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-125: Out-of-bounds Read

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

07 Jun 2025 — This might be used to DoS a libcurl-using application. • https://curl.se/docs/CVE-2025-5399.html

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Jun 2025 — In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. ... A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`,... • https://datatracker.ietf.org/doc/html/rfc9250 • CWE-770: Allocation of Resources Without Limits or Throttling