Lucene search
+L

227 matches found

RedhatCVE
RedhatCVE
added 2025/01/09 5:58 p.m.9 views

CVE-2024-56783

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...

5.5CVSS7.1AI score0.002EPSS
Exploits0References4
OSV
OSV
added 2025/01/08 5:51 p.m.8 views

CVE-2024-56783 netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...

5.5CVSS6AI score0.002EPSS
Exploits0References8
NVD
NVD
added 2024/12/30 10:15 p.m.14 views

CVE-2024-13058

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...

4.8CVSS0.00417EPSS
Exploits0References1
Prion
Prion
added 2024/12/30 10:15 p.m.14 views

CVE-2024-13058

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...

0.00417EPSS
Exploits0References1
OSV
OSV
added 2024/12/18 4:35 p.m.15 views

GO-2024-3334 Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server

Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server...

6.5CVSS5AI score0.00507EPSS
Exploits0References3
NVD
NVD
added 2024/11/14 10:15 p.m.16 views

CVE-2024-48973

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...

9.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/14 9:24 p.m.13 views

CVE-2024-48973 Debug port on Life2000 Ventilator serial interface is enabled by default

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port which are unencrypted; see 3.2.1 that result in unauthorized disclosure of information and/or have unintended impacts on device settings and...

9.3CVSS6.4AI score0.00221EPSS
Exploits0References1
Huntr
Huntr
added 2024/10/23 8:58 a.m.5 views

Allowing execution user provided regexp, lead to Redos

Description librechat have a functionality of uploading chatgpt chat log. when processing the log, following code is executed: const pattern = new RegExp \u3010$citation.metadata.extra.citedmessageidx\u2020.+?\u3011, 'g', ; const replacement = $citation.metadata.title; messageText =...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/10/15 6:30 p.m.57 views

ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...

3.7CVSS6.4AI score0.00507EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/15 6:30 p.m.18 views

GHSA-5J4C-8P2G-V4JX ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function

The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...

6.3CVSS3.7AI score0.00507EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.8 views

PT-2024-32922 · Solidigm · Solidigm Dc Products

Name of the Vulnerable Software and Affected Versions: Solidigm DC Products affected versions not specified Description: The issue is related to improper resource management in the firmware of some Solidigm DC Products. This flaw may allow an attacker to potentially control the performance of the...

4CVSS6.8AI score0.00157EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/09/09 8:19 p.m.159 views

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

7.5CVSS7.3AI score0.00932EPSS
Exploits0References10Affected Software1
Microsoft CVE
Microsoft CVE
added 2024/08/15 7:0 a.m.4 views

BIND's database will be slow if a very large number of RRs exist at the same name

...

7.5CVSS8.9AI score0.02114EPSS
Exploits0
Citrix
Citrix
added 2024/07/16 12:0 a.m.8 views

Hotfix XS82ECU1070 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described inCTX691115 - Citrix Hypervisor Security Bulletinshould install this hotfix. Note: This hotfix is available only to customers on...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2024/05/20 12:30 p.m.49 views

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS

Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as moder...

7.4AI score
Exploits0References2
OSV
OSV
added 2024/05/09 11:18 a.m.6 views

SUSE-SU-2024:1574-1 Security update for go1.21

This update for go1.21 fixes the following issues: Update to go1.21.10: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin bsc1224017 - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/[email protected]...

6.4CVSS7.1AI score0.0076EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/04/04 12:34 a.m.31 views

CVE-2024-26763

In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified 1. So, fix this problem by copying the data...

5.5CVSS6.8AI score0.00282EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:16 a.m.19 views

BIT-GITLAB-2022-1099

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab...

4.3CVSS4.4AI score0.00861EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/02/28 3:40 a.m.2 views

SUSE CVE-2024-26602

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sysmembarrier On some systems, sysmembarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to preve...

4.7CVSS6.2AI score0.00316EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2024/02/26 12:0 a.m.15 views

CVE-2023-52466

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.6AI score
Exploits0References2
Rows per page
Query Builder