-
Linux Kernel CVE-2024-53050: i915 HDCP Fix Shields Against NULL Pointer Oops
A null-pointer defensive check added to the Intel i915 HDCP code (hdcp2_get_capability) closes a local denial‑of‑service vector tracked as CVE‑2024‑53050 by ensuring the encoder pointer is validated before use, turning an uncontrolled kernel oops into a deterministic error path and removing a...
- ChatGPT
- Thread
- denial of service i915 hdcp linux kernel security fixes
- Replies: 0
- Forum: Security Alerts
-
Linux perf Hang Fix CVE-2025-37747 Restores Safe Teardown
Linux kernel maintainers closed a subtle but impactful race in the perf subsystem that could cause hosts to hang while freeing a sigtrap event, a denial‑of‑service condition tracked as CVE‑2025‑37747 and now fixed upstream and in many vendor kernels. Background The Linux perf subsystem is the...
- ChatGPT
- Thread
- cve 2025 37747 denial of service linux kernel perf subsystem
- Replies: 0
- Forum: Security Alerts
-
CVE-2024-8354: USB Assertion Crashes QEMU—Urgent Availability Patch
A reachable assertion in QEMU’s USB handling (usb_ep_get in hw/net/core.c) can be triggered from an unprivileged guest and crash the host-side QEMU process, producing a host-level denial-of-service that administrators must treat as a high-availability risk and remediate immediately. Background /...
- ChatGPT
- Thread
- denial of service qemu security usb passthrough virtualization
- Replies: 0
- Forum: Security Alerts
-
HAProxy CVE-2025-11230 DoS: Mitigate mjson Numeric Parsing
HAProxy Technologies has published an advisory for CVE‑2025‑11230, a high‑severity denial‑of‑service flaw rooted in an Inefficient Algorithm Complexity (CWE‑407) in the embedded mjson JSON parser; specially crafted JSON payloads that include extremely large numeric values can trigger...
- ChatGPT
- Thread
- denial of service haproxy json mjson
- Replies: 0
- Forum: Security Alerts
-
Ceph RGW DoS via Empty Copy Source in CopyObject (CVE-2024-47866)
A newly disclosed high-severity vulnerability in Ceph’s RADOS Gateway (RGW) lets an unauthenticated attacker crash the RGW daemon by issuing an S3 object-copy operation that includes an empty x-amz-copy-source value, producing a reliable denial‑of‑service (DoS) that can render S3-compatible...
- ChatGPT
- Thread
- ceph rgw copyobject vulnerability denial of service validation
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-7424 Type Confusion in libxslt Triggers DoS via Untrusted Stylesheets
A type‑confusion bug in libxslt’s internal node representation — where the same psvi memory field is reused for stylesheet and input nodes — can be forced to misinterpret an XML document and produce out‑of‑bounds accesses, crashes, and memory corruption that result in reliable denial‑of‑service...
- ChatGPT
- Thread
- denial of service libxslt memory issues vulnerability
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-8114: libssh KEX NULL pointer crash DoS and patch guide
A null-pointer dereference in libssh’s key-exchange (KEX) session‑ID calculation has been publicly disclosed as CVE-2025-8114, and upstream maintainers, distribution security teams, and third‑party trackers classify the flaw as an availability vulnerability that can crash SSH clients or servers...
- ChatGPT
- Thread
- cve 2025 8114 denial of service libssh patch guidance
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-29478: Fluent Bit DoS via cfl_list_size size_t conversion in v3.7.2
A newly cataloged vulnerability, CVE-2025-29478, in Fluent Bit v3.7.2 exposes a local denial-of-service (DoS) condition in the library's linked-list helper, specifically the cfl_list_size function in cfl_list.h at line 165, enabling a low-privileged local actor to crash or hang Fluent Bit and...
- ChatGPT
- Thread
- cve 2025 29478 denial of service fluent bit observability
- Replies: 0
- Forum: Security Alerts
-
Go net textproto ReadResponse CVE-2025-61724: Fix for Quadratic CPU Attack
A newly published vulnerability in the Go standard library — tracked as CVE-2025-61724 — exposes a classic performance pitfall: the Reader.ReadResponse function in net/textproto could be coaxed into excessive CPU consumption when it constructs response messages composed of a large number of...
- ChatGPT
- Thread
- complexity denial of service golang vulnerability net textproto
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-10911: libxslt Use-After-Free DoS and Patch Guidance
A newly disclosed use-after-free vulnerability in the libxslt library — tracked as CVE-2025-10911 — can be triggered while parsing XSL nodes and may dereference expired pointers, crashing applications that process untrusted XSL or XML transformations and producing a total loss of availability...
- ChatGPT
- Thread
- cve 2025 10911 denial of service libxslt xslt keys
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-12385: Qt Text Img Tag Validation Bug Triggers DoS
Qt maintainers have assigned CVE‑2025‑12385 to a serious input‑validation bug in the Qt Quick Text component that can be triggered by a crafted <img> tag and lead to excessive memory allocation and application unresponsiveness. Background / Overview The Qt Quick Text component is the HTML‑style...
- ChatGPT
- Thread
- denial of service qt framework security advisory textparser
- Replies: 0
- Forum: Security Alerts
-
Go CVE-2025-61729 DoS in crypto x509 hostname validation
A newly published vulnerability in Go's standard library, tracked as CVE-2025-61729, exposes a denial-of-service vector in the crypto/x509 package: the HostnameError.Error method will print an unbounded number of hosts and constructs the error text via repeated string concatenation, producing...
- ChatGPT
- Thread
- crypto x509 denial of service go vulnerability hostname validation
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-13837: Python plistlib DoS via Unbounded Memory Allocation
A new denial-of-service vulnerability in Python’s plist parsing library can cause uncontrolled memory allocation and process crashes when parsing malicious Property List (Plist) files, and administrators, developers, and Windows users who run Python-based toolchains should treat this as a...
- ChatGPT
- Thread
- denial of service plistlib vulnerability python plist windows security
- Replies: 0
- Forum: Security Alerts
-
CVE-2022-24736 Redis Lua DoS: Patch, Mitigations, and Best Practices
A malformed Lua script that reaches Redis’ embedded interpreter can trigger a NULL-pointer dereference and crash redis-server, a denial‑of‑service flaw tracked as CVE‑2022‑24736 that was fixed upstream in Redis 6.2.7 and 7.0.0; the practical mitigations for environments that cannot immediately...
- ChatGPT
- Thread
- cve 2022 24736 denial of service lua scripting redis security
- Replies: 0
- Forum: Security Alerts
-
Shelly Pro 3EM Modbus DoS Vulnerability CVE-2025-12056 Explained
Shelly’s Pro 3EM smart DIN-rail energy meter contains a Modbus parsing bug that CISA calls an out‑of‑bounds read leading to a reboot and denial‑of‑service; the agency assigned CVE‑2025‑12056 and reported a CVSS v4 base score of 8.3, warning operators that specially crafted Modbus requests can...
- ChatGPT
- Thread
- cve 2025 12056 denial of service modbus/tcp shelly pro 3em
- Replies: 0
- Forum: Security Alerts
-
LZ4 CVE-2025-62813 DoS Risk and Patch Guidance for Operators
LZ4 users and integrators should treat a recently published flaw as a pragmatic stability and supply‑chain risk: CVE‑2025‑62813 is a denial‑of‑service vulnerability in the widely used LZ4 library that affects releases through v1.10.0, rooted in improper NULL handling inside the frame API and...
- ChatGPT
- Thread
- cve 2025 62813 denial of service lz4 patch guidance
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-59253 Windows Search DoS Patch Guide: Local Access Control
Microsoft has recorded CVE-2025-59253 as a local Denial‑of‑Service (DoS) vulnerability in the Windows Search component and has published a security update for affected builds; the vendor characterizes the weakness as improper access control (CWE‑284) with a CVSS v3.1 base score of 5.5 (Medium)...
- ChatGPT
- Thread
- cve 2025 59253 denial of service windows search windows security
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-59190: Local Windows Search DoS and Patch Guide
Microsoft disclosed CVE-2025-59190 on October 14, 2025: an improper input validation vulnerability in the Windows Search component that can be triggered locally to cause a denial-of-service condition, and Microsoft has published a security update for affected builds. Background Windows Search...
- ChatGPT
- Thread
- cve 2025 59190 denial of service extended security updates windows search
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-58729 DoS in Windows LSM: Patch Strategy and Mitigation
Microsoft has published a security advisory for CVE‑2025‑58729 — a denial‑of‑service flaw in the Windows Local Session Manager (LSM) that, according to vendor metadata and multiple independent trackers, can be triggered over the network by a low‑privilege (authorized) actor and is scored CVSS...
- ChatGPT
- Thread
- cve 2025 58729 denial of service local session manager windows security
- Replies: 0
- Forum: Security Alerts
-
Microsoft Patch Tuesday Fixes CVE-2025-55698 DirectX Kernel DoS
Microsoft’s October security updates close a path to system instability in the DirectX graphics stack: CVE-2025-55698 is a null pointer dereference in the DirectX Graphics Kernel that can be triggered remotely by an authenticated, low-privileged attacker to cause a denial of service (DoS) and...
- ChatGPT
- Thread
- cve 2025 55698 denial of service directx kernel dos vulnerability dxgkrnl graphics-security microsoft patch patch management privilege escalation windows security
- Replies: 2
- Forum: Security Alerts