Lucene search
+L

197 matches found

RedHat Linux
RedHat Linux
added 2024/05/06 1:15 a.m.11 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/04/26 12:0 a.m.35 views

CentOS 9 : kernel-5.14.0-354.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-354.el9 build changelog. - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN...

5.7CVSS6.7AI score0.00553EPSS
Exploits0References2
OSV
OSV
added 2024/04/04 2:30 p.m.35 views

CVE-2024-27919 HTTP/2: memory exhaustion due to CONTINUATION frame flood

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an...

7.5CVSS7.9AI score0.86746EPSS
Exploits1References7
NVD
NVD
added 2024/02/27 4:15 a.m.39 views

CVE-2023-7033

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-R series CPU module, MELSEC iQ-L series CPU module, MELSEC iQ-R Ethernet Interface Module, MELSEC iQ-R CC-Link IE TSN Master/Local Module, CC-Link IE TSN Remote I/O Module, CC-Link IE TSN...

5.3CVSS5.2AI score0.00854EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/02/26 2:21 a.m.8 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
OSV
OSV
added 2024/02/22 12:30 p.m.53 views

GHSA-RMQP-MVV2-54C6 Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

7.1CVSS9.1AI score0.0248EPSS
Exploits1References4
NVD
NVD
added 2024/02/22 10:15 a.m.32 views

CVE-2024-22393

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

9.1CVSS6.4AI score0.0248EPSS
Exploits1References2
Prion
Prion
added 2024/02/22 10:15 a.m.28 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

6.7AI score0.0248EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/22 9:51 a.m.15 views

CVE-2024-22393 Apache Answer: Pixel Flood Attack by uploading the large pixel file

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

9.2AI score0.0248EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/22 9:51 a.m.41 views

CVE-2024-22393 Apache Answer: Pixel Flood Attack by uploading the large pixel file

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

6.7AI score0.0248EPSS
Exploits1References2
OSV
OSV
added 2024/02/22 9:51 a.m.10 views

CVE-2024-22393 Apache Answer: Pixel Flood Attack by uploading the large pixel file

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

9.1CVSS7.1AI score0.0248EPSS
Exploits1References4
CVE
CVE
added 2024/02/22 9:51 a.m.3858 views

CVE-2024-22393

The CVE-2024-22393 issue affects Apache Answer up to version 1.2.1 and enables a pixel-flood DoS by uploading large image files. A logged-in user can trigger memory exhaustion, leading to a server DoS. Remediation is to upgrade to version 1.2.5 (or later). Multiple sources (NVD, Red Hat, CNVD, Ve...

9.1CVSS9.2AI score0.0248EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.5 views

PT-2024-19386 · Apache · Apache Answer

Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.2.1 Description: The issue affects Apache Answer, allowing a logged-in user to cause a Pixel Flood Attack by uploading large pixel files, which can cause the server to run out of memory. This can be done by...

9.1CVSS9.1AI score0.0248EPSS
Exploits1References15
NVD
NVD
added 2024/02/02 4:15 p.m.46 views

CVE-2024-23824

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

4.7CVSS4.7AI score0.00597EPSS
Exploits1References3
Prion
Prion
added 2024/02/02 4:15 p.m.17 views

Code injection

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

3.3CVSS7AI score0.00597EPSS
Exploits1References3
CVE
CVE
added 2024/02/02 3:18 p.m.49 views

CVE-2024-23824

CVE-2024-23824 affects mailcow (dockerized email package). A pixel flood vulnerability arises when a payload is uploaded in the logo, causing the admin page to slow down and become unresponsive. Affected versions are 2023-12a and prior; a patch was released in 2024-01. Mitigation/remediation: upg...

4.7CVSS3.9AI score0.00597EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/02 3:18 p.m.4 views

CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

4.7CVSS7AI score0.00597EPSS
Exploits1References3
OSV
OSV
added 2024/02/02 3:18 p.m.36 views

CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

4.7CVSS4.8AI score0.00597EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/02/02 12:0 a.m.9 views

PT-2024-20106 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow versions 2023-12a and prior Description: The application is vulnerable to a pixel flood attack. Once the payload has been successfully uploaded in the logo, the application becomes slow and unresponsive in the admin page...

4.7CVSS3.9AI score0.00597EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.35 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-3010)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Improper access control in the IntelR Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to...

9.8CVSS6.8AI score0.00978EPSS
Exploits2References12
Rows per page
Query Builder