
477 matches found

OSV
added 2025/05/09 10:15 a.m. · 3 views

UBUNTU-CVE-2025-46392

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...

CVSS 6.5 · AI score 6.8 · EPSS 0.02054
Exploits: 0 · References: 5
RedHat Linux
added 2025/05/07 12:48 p.m. · 4 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

CVSS 7.5 · AI score 7 · EPSS 0.0142
Exploits: 0 · References: 7
Positive Technologies
added 2025/05/07 12:0 a.m. · 6 views

PT-2025-20302 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP (affected versions not specified)
Description: The issue occurs when a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, and undisclosed responses can cause an increase in memory resource utilization.
Recommendations: A...

CVSS 8.7 · AI score 7.5 · EPSS 0.00357
Exploits: 0 · References: 7
OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Do Not Enable the LDAP Service

Lightweight Directory Access Protocol (LDAP) is a protocol that provides access control and is used to maintain distributed directory information. The LDAP service increases system resource usage and expands the attack surface. If the LDAP service is not required, do not install the LDAP service. T...

AI score 6.8
Exploits: 0 · References: 1
BDU FSTEC
added 2025/04/14 12:0 a.m. · 8 views

Vulnerability of the nfp_cpp_area_cache_add() function in the drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c file of the Ethernet network adapter driver in the Linux operating system, which allows an attacker to cause a service failure.

The vulnerability of the nfp_cpp_area_cache_add() function in the drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c file of the Linux kernel's Ethernet adapter support driver is related to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to caus...

CVSS 5.5 · AI score 6.1 · EPSS 0.0024
Exploits: 0 · References: 18 · Affected Software: 3
BDU FSTEC
added 2025/04/09 12:0 a.m. · 7 views

The vulnerability of the command-line tool of the Zstandard data compression library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the command-line tool of the Zstandard data compression library is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 6.7 · EPSS 0.01588
Exploits: 0 · References: 11 · Affected Software: 3
RedHat Linux
added 2025/04/07 3:15 p.m. · 3 views

cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

CVSS 7.5 · AI score 7.3 · EPSS 0.02303
Exploits: 1 · References: 7
BDU FSTEC
added 2025/04/07 12:0 a.m. · 5 views

The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in its uncontrolled resource consumption, which allows a malicious actor to trigger a service failure.

The vulnerability of SIEM system load testing tools, such as the Kraken Stress Testing Toolkit, is related to uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8 · AI score 5.5
Exploits: 0 · References: 1 · Affected Software: 1
RedHat Linux
added 2025/04/02 5:6 p.m. · 3 views

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from the start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.01815
Exploits: 1 · References: 4
BDU FSTEC
added 2025/04/01 12:0 a.m. · 4 views

Vulnerability of the acpi_processor_power_exit() function in the driver/acpi/processor_idle.c module of the Linux kernel's ACPI processor idle state driver, which allows attackers to access protected information or cause system failures.

The vulnerability of the acpi_processor_power_exit() function in the driver/acpi/processor_idle.c module of the Linux kernel's ACPI support driver is related to unconstrained and unrestricted resource allocation. Exploiting this vulnerability could allow an attacker to access protected information or cause...

CVSS 6.2 · AI score 6.6 · EPSS 0.00254
Exploits: 0 · References: 48 · Affected Software: 6
BDU FSTEC
added 2025/03/27 12:0 a.m. · 8 views

The vulnerability of the python-multipart streaming multi-component parser, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the python-multipart streaming multi-component parser is related to uncontrolled consumption of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8 · AI score 7.3 · EPSS 0.00644
Exploits: 0 · References: 5 · Affected Software: 3
OSV
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-7983

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 1
Cvelist
added 2025/03/20 10:9 a.m. · 12 views

CVE-2024-9840

...

Exploits: 0
Tenable Nessus
added 2025/03/06 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-7592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashe...

CVSS 7.5 · AI score 6.6 · EPSS 0.02303
Exploits: 1 · References: 4
RedHat Linux
added 2025/03/05 8:59 p.m. · 5 views

apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...

CVSS 4.3 · AI score 7 · EPSS 0.01249
Exploits: 0 · References: 5
OSV
added 2025/03/04 10:7 p.m. · 4 views

CLSA-2025-1741126041 bind: Fix of CVE-2024-11187

CVE-2024-11187: fix excessive resource usage by limiting additional section processing and adjusting resolver tests...

CVSS 7.5 · AI score 6.9 · EPSS 0.14614
Exploits: 0 · References: 1
Snyk
added 2025/03/03 10:5 p.m. · 3 views

Regular Expression Denial of Service (ReDoS)

Overview: cgi provides support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Util#escapeElement method. An attacker can cause high CPU consumption by providing malicious input. Details: Denial of Service...

CVSS 7.5 · AI score 6.8 · EPSS 0.00702
Exploits: 0 · References: 2
OSV
added 2025/02/21 1:37 p.m. · 3 views

OESA-2025-1168 etcd security update

Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. (CVE-2021-28235) Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. (CVE-2022-3064) Etcd v3.5.4 allows remote...

CVSS 9.8 · AI score 7 · EPSS 0.04561
Exploits: 0 · References: 6
RedHat Linux
added 2025/02/19 2:26 p.m. · 12 views

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

CVSS 7.5 · AI score 7.3 · EPSS 0.14614
Exploits: 0 · References: 5
RedHat Linux
added 2025/02/19 8:42 a.m. · 1 views

bind: bind9: DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...

CVSS 7.5 · AI score 5.7 · EPSS 0.16182
Exploits: 0 · References: 5