CWE-772

Missing Release of Resource after Effective Lifetime

16 CVEs | Avg CVSS 6.0 | MITRE
0 CRITICAL | 7 HIGH | 6 MEDIUM | 2 LOW | 2 POC | 0 KEV


CVE-2026-3104 HIGH POC PATCH This Week

Memory exhaustion in BIND 9 resolver allows unauthenticated remote attackers to cause denial of service by querying specially crafted domains, affecting versions 9.20.0-9.20.20, 9.21.0-9.21.19, and 9.20.9-S1-9.20.20-S1. The vulnerability stems from improper memory management (CWE-772) and can be triggered without authentication or user interaction. Patches are available for affected Ubuntu, SUSE, and Debian systems.

Information Disclosure Ubuntu Suse Debian
NVD VulDB GitHub
CVSS 3.1: 7.5
EPSS: 0.0%

CVE-2026-2261 HIGH This Week

FreeBSD's blocklistd service leaks socket descriptors on each adverse event report, causing progressive service degradation until it can no longer block malicious IP addresses or process new reports. An attacker can exploit this by generating numerous fraudulent adverse events from disposable IP addresses to exhaust socket resources and disable the blocking mechanism before launching an actual attack. The vulnerability has a high severity rating (CVSS 7.5) and currently lacks a patch.

Denial Of Service Freebsd
NVD VulDB
CVSS 3.1: 7.5
EPSS: 0.0%

CVE-2026-20082 HIGH This Week

Cisco Secure Firewall ASA devices fail to properly manage embryonic connection limits during TCP SYN flood attacks, allowing unauthenticated remote attackers to block all incoming TCP connections including management access and VPN services. An attacker can exploit this denial-of-service vulnerability by sending crafted traffic streams to management or data interfaces, effectively isolating the device from legitimate network access. No patch is currently available for this HIGH severity vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1: 8.6
EPSS: 0.1%

CVE-2026-2359 PATCH Monitor

Multer versions up to 2.1.0 are affected by a missing release of resource after effective lifetime.

Node.js Denial Of Service
NVD GitHub VulDB
EPSS: 0.1%

CVE-2025-71232 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Free sp in error path to fix system crash System crash seen during load/unload test in a loop, [61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.

Linux Denial Of Service Linux Kernel Redhat Suse
NVD VulDB
CVSS 3.1: 5.5
EPSS: 0.0%

CVE-2026-23219 MEDIUM PATCH This Month

Memory allocation profiling in the Linux kernel fails to properly clear allocation tags during abort operations when CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, allowing a local privileged user to trigger a denial of service through kernel warnings and potential system instability. The vulnerability affects the slab memory allocator's interaction with memcg abort handling and requires local access with elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Linux Code Injection Linux Kernel Redhat Suse
NVD VulDB
CVSS 3.1: 5.5
EPSS: 0.0%

CVE-2025-14969 MEDIUM PATCH This Month

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]

React Denial Of Service Redhat
NVD
CVSS 3.1: 4.3
EPSS: 0.0%

CVE-2026-21874 MEDIUM POC PATCH This Month

NiceGUI versions 2.10.0 through 3.4.1 fail to properly release Redis connections when users open and close browser tabs, allowing unauthenticated attackers to exhaust the Redis connection pool and degrade service functionality. An attacker can repeatedly trigger connection leaks without authentication, causing storage errors and degraded performance once connection limits are reached. Public exploit code exists for this vulnerability, which is patched in version 3.5.0.

Python Redis Nicegui
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.0%

CVE-2025-64734 LOW Monitor

Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific. Rated low severity (CVSS 2.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1: 2.4
EPSS: 0.0%

CVE-2025-54983 MEDIUM This Month

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially. Rated medium severity (CVSS 5.2), this vulnerability has low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows
NVD
CVSS 3.1: 5.2
EPSS: 0.0%