Remote unauthenticated denial of service in Apache Thrift c_glib language bindings (versions before 0.23.0) allows attackers to crash Thrift servers via specially crafted requests triggering 'free(): invalid pointer' fatal errors. CVSS 7.5 (HIGH) with network vector and low complexity. EPSS score is only 0.02% (4th percentile), indicating very low real-world exploitation probability despite theoretical severity. No active exploitation confirmed (not in CISA KEV); no public POC identified at time of analysis. Vendor-released patch: Apache Thrift 0.23.0.
Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated, network-based attackers to trigger a Denial of Service condition by sending specially crafted packet sequences. The vulnerability requires no privileges or user interaction and has high availability impact (complete service disruption), though no data confidentiality or integrity risk. This is a critical operational risk for organizations dependent on Absolute Secure Access for remote connectivity.
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). Rated low severity (CVSS 2.9), this vulnerability requires no authentication. Public exploit code is available and no vendor patch is available.
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. Rated low severity (CVSS 2.9), this vulnerability requires no authentication. Public exploit code is available and no vendor patch is available.
A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an. Rated high severity (CVSS 7.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch is available.