PT-2024-29681
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.x through 1.1.1; OpenSSL versions 3.x through 3.0.5; OpenSSL versions prior to 17.0.5. Description: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allow...
PT-2024-7268
Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0 Description: The issue is related to the 'http.cookies' standard library module in CPython. When parsing cookies that contain backslashes for quoted characters in the cookie value, the parser uses an algorithm...
The vulnerability of the TIFFReadEncodedStrip function in the LibTIFF library, which allows a hacker to trigger a service failure.
The vulnerability of the TIFFReadEncodedStrip function in the LibTIFF library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2024-39702
In ljstrhash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...
PT-2024-28641 · Openresty · Openresty
Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.19.3.1 through 1.25.3.1. Description: The string hashing function in OpenResty allows HashDoS (Hash Denial of Service) attacks, which can cause excessive resource usage during proxy operations via crafted requests. This can...
SUSE CVE-2024-28176
jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces...
expat: parsing large tokens can trigger a denial of service
A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from the start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...
PT-2024-4313 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 16.10.7; GitLab CE/EE versions 16.11 through 16.11.4; GitLab CE/EE versions 17.0 through 17.0.2. Description: An issue has been discovered in GitLab CE/EE that allows an attacker to cause a denial of service...
Kubeflow Security Vulnerabilities
Kubeflow is a cloud-native platform open-sourced by Kubeflow. A security vulnerability exists in Kubeflow that stems from susceptibility to a Regular Expression Denial of Service (ReDoS) attack, where an attacker can cause an application to consume excessive CPU resources by providing specially...
The vulnerability of the WSGI microweb framework for Python Bottle, related to improper handling of exception conditions, allows attackers to trigger a service failure.
The vulnerability of the WSGI microweb framework for Python Bottle relates to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
octo-sts security vulnerability
octo-sts is Chainguard's GitHub security token service, open-sourced by octo-sts. A security vulnerability exists in octo-sts versions prior to 0.1.0, which stems from the fact that an unauthenticated attacker can cause unlimited CPU and memory usage...
PT-2024-25689
Name of the Vulnerable Software and Affected Versions: octo-sts versions prior to 0.1.0. Description: The issue can cause a spike in resource utilization of the STS service. When combined with significant traffic volume, it could potentially lead to a denial of service. Excessively large requests ca...
Denial Of Service (DoS)
github.com/mattermost/mattermost-server is vulnerable to Denial Of Service. The vulnerability is due to insufficient limitation of the size of request paths that contain user inputs, allowing attackers to send large request paths, causing excessive resource usage...
CVE-2024-1726
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
CVE-2024-1726
Quarkus RESTEasy Reactive contains a denial-of-service vulnerability (CVE-2024-1726) where security checks for some inherited JAX-RS endpoints are performed after serialization, causing increased resource usage when an attacker knows POST/PUT/PATCH paths. This could lead to DoS as endpoints proce...
Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2023-6489
Removed by vendor...
CVE-2023-6489 Inefficient Regular Expression Complexity in GitLab
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature...
WordPress Plugin Code Embed resource management error vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A resource management error vulnerability...