Lucene search
K

279 matches found

CNNVD
CNNVD
added 2024/10/14 12:0 a.m.8 views

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js that stems from excessive CPU consumption...

7.5CVSS6.6AI score0.00737EPSS
Exploits1References5
Veracode
Veracode
added 2024/10/08 12:39 p.m.11 views

Uncontrolled Resource Consumption

Apache Commons IO is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to excessive CPU consumption caused by the org.apache.commons.io.input.XmlStreamReader class when processing maliciously crafted input...

4.3CVSS7AI score0.01241EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/09/16 12:3 p.m.40 views

BIT-PYTHON-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS6.6AI score0.02303EPSS
Exploits1References13
NVD
NVD
added 2024/09/10 3:15 p.m.35 views

CVE-2024-23184

Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...

5CVSS0.00839EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.12 views

Fedora: Security Advisory (FEDORA-2024-ba5bb9f63a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01284EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.17 views

EulerOS Virtualization 2.12.0 : nghttp2 (EulerOS-SA-2024-2332)

According to the versions of the nghttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps...

5.3CVSS7.1AI score0.8496EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/08/28 12:0 a.m.13 views

Fedora 39 : dovecot (2024-ba5bb9f63a)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ba5bb9f63a advisory. - CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. - CVE-2024-23185: Abnormally large email headers are n...

7.5CVSS6.8AI score0.01284EPSS
Exploits2References3
Amazon
Amazon
added 2024/08/20 12:0 a.m.27 views

Important: bind

Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...

7.5CVSS8AI score0.01327EPSS
Exploits0
NVD
NVD
added 2024/08/19 7:15 p.m.20 views

CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS0.02303EPSS
Exploits1References12
OSV
OSV
added 2024/08/19 7:6 p.m.18 views

CVE-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS6.7AI score0.02303EPSS
Exploits1References15
OpenVAS
OpenVAS
added 2024/08/19 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2024-0280)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.01284EPSS
Exploits2References4
Atlassian
Atlassian
added 2024/08/15 8:11 p.m.25 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Bamboo Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS6.6AI score0.011EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/07/09 9:14 p.m.105 views

Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS6.8AI score0.02719EPSS
Exploits0References4Affected Software13
RedhatCVE
RedhatCVE
added 2024/07/01 8:20 p.m.36 views

CVE-2023-42503

A flaw was found in Apache Commons Compress, where it would permit the creation of a malformed TAR file by manipulating file modification time headers. This issue can lead to excessive CPU consumption and a denial of service, affecting the availability...

5.5CVSS5.4AI score0.00489EPSS
Exploits0References4
NVD
NVD
added 2024/06/06 7:16 p.m.19 views

CVE-2024-5552

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service ReDoS attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes th...

7.5CVSS0.00649EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/05 4:4 p.m.68 views

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND

Summary UPDATED: Corrected the affected fileset levels to reflect that bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details...

7.5CVSS8.1AI score0.99995EPSS
Exploits1Affected Software2
SUSE CVE
SUSE CVE
added 2024/05/16 2:21 a.m.3 views

SUSE CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

5.8CVSS7AI score0.011EPSS
Exploits0References3
OSV
OSV
added 2024/05/14 3:17 p.m.6 views

UBUNTU-CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

7.5CVSS6.8AI score0.011EPSS
Exploits0References5
Amazon
Amazon
added 2024/05/13 12:0 a.m.39 views

Important: nghttp2

Issue Overview: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage ...

5.3CVSS7.6AI score0.8496EPSS
Exploits1
Cvelist
Cvelist
added 2024/05/09 4:17 a.m.41 views

CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

6.6AI score0.011EPSS
Exploits0References3
Rows per page
Query Builder