PT-2024-19057
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP, affected versions not specified. Description: When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Recommendations: At the...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to a flaw in the handling of certain data inputs. An attacker can cause a denial of service by sending specially crafted data to the application. Details: Denial of Service (DoS) describes a family of attacks, all...
PT-2023-27504 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Recommendations: At th...
CVE-2023-0384
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job...
PT-2023-3149 · Hyper +2 · Hyper +2
Name of the Vulnerable Software and Affected Versions: hyper version 0.13.7, h2 version 0.2.4. Description: An issue in the H2 component of hyper occurs when processing HTTP/2 RST_STREAM frames, leading to stream stacking and high memory and CPU usage, which can result in a Denial of Service (DoS). Th...
OESA-2023-1098 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a...
PT-2023-13544 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.3 through 15.6.7, GitLab CE/EE versions 15.7 through 15.7.6, GitLab CE/EE versions 15.8 through 15.8.1. Description: An issue has been discovered in GitLab CE/EE where an attacker may upload a crafted CI job artifact zip...
GHSA-Q2JF-H9JM-M7P4 Django contains Uncontrolled Resource Consumption via cached header
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
PYSEC-2023-12
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...
PT-2022-7329 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore, affected versions not specified. Description: The issue is related to the uncontrolled allocation of resources in Xenstore, which can lead to a Denial of Service (DoS) of xenstored. Malicious guests can cause xenstored to allocate large...
PT-2022-7327 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore, affected versions not specified. Description: The issue is related to the uncontrolled allocation of resources in Xenstore, which can lead to a Denial of Service (DoS) of xenstored. Malicious guests can cause xenstored to allocate large...
PT-2022-7330 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore, affected versions not specified. Description: The issue is related to the uncontrolled allocation of resources in Xenstore, which can lead to a Denial of Service (DoS) of xenstored. Malicious guests can cause xenstored to allocate large...
PT-2022-25498 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639. Description: An issue was discovered in Bento4, where there is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp. Recommendations: For Bento4 version 1.6.0-639, consider restricting the use ...
Allocation of Resources Without Limits or Throttling
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of...
Argo buffer error vulnerability
Argo is an open source container native workflow engine. A buffer error vulnerability in Kubernetes Argo Events prior to version 1.7.1, which stems from ioutil.ReadAll reading all data into memory, can be exploited by an attacker to send a large number of requests to the Argo Events server,...
Denial of Service (DoS)
Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
...
PT-2021-7976 · Netty +5 · Netty +5
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.67.Final Description: The Snappy frame decoder function does not restrict the chunk length, which may lead to excessive memory usage. Additionally, it may buffer reserved skippable chunks until the whole chunk is...
EMQ X Broker security vulnerability
EMQ X Broker is a distributed message broker. A security vulnerability exists in EMQ X Broker prior to 4.2.8, which is caused by excessive memory consumption due to processing untrustworthy input...
envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names
An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this...