Lucene search
K

43 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/27 12:0 a.m.10 views

Amazon Linux AMI : libsoup (ALAS-2025-1979)

The version of libsoup installed on the remote host is prior to 2.28.2-5.9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1979 advisory. A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out- of-bound read. This...

9CVSS6.6AI score0.00847EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-29408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms o...

6.5CVSS6.7AI score0.0086EPSS
Exploits0References3
OSV
OSV
added 2025/02/26 8:14 a.m.10 views

AZL-57437 CVE-2025-22869 affecting package cert-manager for versions less than 1.11.2-20

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
Mageia
Mageia
added 2024/09/10 4:40 p.m.43 views

Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

5.7CVSS6.7AI score0.0032EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/23 12:31 p.m.4 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/05/07 2:48 p.m.25 views

CVE-2024-32663

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...

7.5CVSS7.4AI score0.00956EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/02/26 4:27 p.m.38 views

CVE-2024-23836

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extrem...

7.5CVSS7.1AI score0.01164EPSS
Exploits0References28
OSV
OSV
added 2023/11/22 10:15 a.m.5 views

CVE-2023-6117

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...

7.5CVSS5.9AI score0.00713EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.5 views

PT-2023-16231 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 23.4.12528.1 Description: The issue allows user-controlled operations to cause Denial of Service due to uncontrolled memory consumption. Recommendations: For versions prior to 23.4.12528.1, update to version...

6.5CVSS7.2AI score0.00796EPSS
Exploits0References6
NVD
NVD
added 2023/03/02 7:15 p.m.31 views

CVE-2023-26470

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...

7.5CVSS6.4AI score0.00855EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/02/20 12:0 a.m.6 views

PT-2023-20216 · Unknown · Notation-Go

Name of the Vulnerable Software and Affected Versions: notation-go versions prior to 1.0.0-rc.3 Description: The issue causes excessive memory consumption when verifying signatures, leading to application crashes and impacting availability. Users can review their trust policy file for the identit...

7.5CVSS7.3AI score0.0044EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-1862

The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service panic by running lsof a large number of times in a way that produces a heavy system load...

4.9CVSS6.3AI score0.00476EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/11/01 12:0 a.m.4 views

CVE-2022-42318

Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...

6.4AI score0.00245EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.3 views

PT-2022-19454

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description The implementation of tf.ragged.constant does not fully validate the input arguments,...

5.5CVSS6.1AI score0.00316EPSS
Exploits1References19
Debian CVE
Debian CVE
added 2021/11/11 9:45 p.m.18 views

CVE-2021-3912

OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory and thus crash...

6.5CVSS6.3AI score0.00822EPSS
Exploits0
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.4 views

VerneMQ MQTT Broker 安全漏洞

MQTT Message Queuing Telemetry Transport is an ISO standard ISO/IEC PRF 20922 based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...

7.5CVSS7.4AI score0.011EPSS
Exploits0References1
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/05/24 6:3 a.m.160 views

What is Ping of Death Assault?

Ping of death is a strategy for DoS Denial of Service assault. It’s an attack-type that objectifies the ICMP Internet Control Message Protocol and the TCP Transmission Control Protocol, and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...

0.1AI score
Exploits0
OSV
OSV
added 2021/03/18 12:0 p.m.37 views

RUSTSEC-2021-0041 Denial of service through parsing payloads with too big exponent

The parseduration::parse function allows for parsing duration strings with exponents like 5e5s where under the hood, the BigInt type along with the pow function are used for such payloads. Passing an arbitrarily big exponent makes the parseduration::parse function to process the payload for a ver...

7.5CVSS7.3AI score0.00973EPSS
Exploits0References3
Veracode
Veracode
added 2019/01/15 9:14 a.m.29 views

Denial Of Service (DoS)

OpenSSL is vulnerable to Denial Of Service DoS. A malicious user can send multiple large OCSP Status Request extension to the server. causing it to run out of memory and crash...

7.5CVSS8.6AI score0.63029EPSS
Exploits2References65Affected Software9
Tenable Nessus
Tenable Nessus
added 2013/12/04 12:0 a.m.40 views

Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20131121)

An integer overflow flaw was found in the way Samba handled an Extended Attribute EA list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. CVE-2013-412...

5CVSS7AI score0.69008EPSS
Exploits7References2
Rows per page
Query Builder