Monthly
Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated, network-based attackers to trigger a Denial of Service condition by sending specially crafted packet sequences. The vulnerability requires no privileges or user interaction and has high availability impact (complete service disruption), though no data confidentiality or integrity risk. This is a critical operational risk for organizations dependent on Absolute Secure Access for remote connectivity.
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated, network-based attackers to trigger a Denial of Service condition by sending specially crafted packet sequences. The vulnerability requires no privileges or user interaction and has high availability impact (complete service disruption), though no data confidentiality or integrity risk. This is a critical operational risk for organizations dependent on Absolute Secure Access for remote connectivity.
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.