227 matches found
PT-2023-24680 · Zxcvbn-Ts · Zxcvbn-Ts
Name of the Vulnerable Software and Affected Versions: zxcvbn-ts versions prior to 3.0.2 Description: This issue affects users running on the NodeJS platform who are using the second argument of the zxcvbn function. It can result in unbounded resource consumption as the user inputs array is...
bind security and bug fix update
32:9.11.36-8 - Correct regression preventing bind-dyndb-ldap build 2133889 32:9.11.36-7 - Prevent excessive resource use while processing large delegations. CVE-2022-2795 32:9.11.36-6 - Prevent freeing zone during statistics rendering 2101712...
golang: net/http, mime/multipart: denial of service from excessive resource consumption
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...
CVE-2023-23447
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invocing several open file requests via the REST interface...
Intel Unite 资源管理错误漏洞
Intel Unite is a suite of enterprise meeting collaboration solutions from Intel Corporation USA. A security vulnerability exists in Intel Unite prior to version 17 that stems from uncontrolled resource consumption, which can lead to a denial of service...
openssl: Fix of 3 CVEs
CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509VERIFYPARAMadd0policy - CVE-2022-3996: Drop redundant flag setting in policycachesetmapping...
CLSA-2023-1683235231 openssl: Fix of 3 CVEs
CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509VERIFYPARAMadd0policy - CVE-2022-3996: Drop redundant flag setting in policycachesetmapping...
F5 BIG-IP 资源管理错误漏洞
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a resource management error vulnerability that originates from uncontrolled resource consumption by an...
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions allows a attacker to cause service failures.
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability in operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS, related to uncontrolled resource consumption during certificate processing, allows attackers to trigger service failures.
The vulnerability of operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS is related to an uncontrolled consumption of resources during the processing of certificates. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
AZL-25709 CVE-2023-0464 affecting package rust for versions less than 1.68.0-1
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
Dell PowerScale OneFS 资源管理错误漏洞
Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS is vulnerable to a resource management error that stems from the presence of uncontrolled resource consumption, which could be exploited by an attacker to compromise built-in hardware management functions and...
bind security update
32:9.11.4-26.P2.13 - Tighten cache protection against record from forwarders CVE-2021-25220 32:9.11.4-26.P2.12 - Include test of forwarders CVE-2021-25220 32:9.11.4-26.P2.11 - Prevent excessive resource use while processing large delegations. CVE-2022-2795...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
The vulnerability of the dialog plugin for the WYSIWYG editor CKEditor, which allows a hacker to trigger a service failure.
The vulnerability of the dialog plugin in the WYSIWYG editor CKEditor is related to an uncontrolled resource consumption during the processing of regular expressions for validation purposes. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CLSA-2022-1669241475 Fix CVE(s): CVE-2022-45061
SECURITY UPDATE: Uncontrolled resource consumption - debian/patches/CVE-2022-45061.patch: Fix quadratic time idna decoding - CVE-2022-45061 Fix the tests: Certificates were expired - debian/patches/update-test-certs-and-keys.patch: Update test certs and keys...
The vulnerability of Websoft HCM’s automation software for HR processes lies in its uncontrolled resource consumption, which allows attackers to trigger service interruptions.
The vulnerability of Websoft HCM’s automation software for HR processes is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
[SECURITY] Fedora 35 Update: lighttpd-1.4.67-1.fc35
lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Auth,...
The vulnerability of the SPICE remote virtual desktop rendering system, related to uncontrolled resource consumption, allows a intruder to trigger a service failure.
The vulnerability of the SPICE remote virtual desktop rendering system is related to significantly lower resource consumption on the client side compared to the server when establishing a new SSL connection. Exploiting this vulnerability allows a malicious actor to cause service interruptions...
Slackware: Security Advisory (SSA:2022-264-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...