281 matches found
Sha256 Crypt and Sha512 Crypt Security Vulnerability
Sha256 Crypt and Sha512 Crypt are cryptographic hash functions by the individual developer Ulrich Drepper. A security vulnerability exists in Sha256 Crypt and Sha512 Crypt that allows an attacker to cause a denial of service (CPU consumption) because the...
GHSA-53HP-JPWQ-2JGQ Uncontrolled Resource Consumption in Apache Tomcat
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
LINE for Windows Input Validation Error Vulnerability
Line Corporation LINE for Windows is a Windows-based instant messaging application from Line Corporation, Japan. An input validation error vulnerability exists in LINE for Windows, which stems from a lack of media file checking before rendering, and can be exploited to send specially crafted gif...
PT-2022-15696 · Line · Line For Windows
Name of the Vulnerable Software and Affected Versions: LINE for Windows versions prior to 7.4 Description: The issue arises from the lack of media file checks before rendering, allowing an attacker to cause abnormal CPU consumption for the message recipient by sending a specially crafted gif imag...
GitLab Input Validation Error Vulnerability
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to input validation errors, which can be exploited to cause high CPU usage...
Cisco NX-OS Software Input Validation Error Vulnerability
Cisco NX-OS Software is a set of data center-class operating system software for switches from Cisco, U.S. A denial-of-service vulnerability exists in the VXLAN OAM feature of Cisco NX-OS Software, which can be exploited by attackers by sending specially crafted packets to cause high device CPU...
dotnet: ASP.NET Core WebSocket frame processing DoS
An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...
jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality...
OTRS AG OTRS Input Validation Error Vulnerability
OTRS is a service management software application from the German company OTRS. An input validation error vulnerability exists in OTRS AG OTRS that arises from the system not properly validating incoming data. An attacker placing a specially crafted URL in the body of an email message could...
jetty: Resource exhaustion when receiving an invalid large TLS frame
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resource utilization. The highest threat from this vulnerability is to service availability...
pydantic Security Vulnerability
pydantic is a software application for data validation and settings management using Python type hints. A security vulnerability exists in pydantic. The vulnerability stems from the fact that the program's validation will always run at 100% CPU usage...
PT-2021-14435 · Xstream +4 · Xstream +4
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue allows a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of a payload, resulting in a denial of service by manipulating the...
Eclipse Jetty Resource Management Error Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A resource management error vulnerability exists in Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0, which stems from excessive CPU utilization to process...
CVE-2021-22976
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
nghttp2: overly large SETTINGS frames can lead to DoS
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...
UBUNTU-CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...