
478 matches found

Positive Technologies
added 2024/08/25 12:00 a.m. · 6 views

PT-2024-29681

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.x through 1.1.1 OpenSSL versions 3.x through 3.0.5 OpenSSL versions prior to 17.0.5 Description Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allow...

CVSS 7.8 · AI score 6.5 · EPSS 0.01083
Exploits 0 · References 78
Positive Technologies
added 2024/08/19 12:00 a.m. · 6 views

PT-2024-7268

Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0 Description: The issue is related to the 'http.cookies' standard library module in CPython. When parsing cookies that contain backslashes for quoted characters in the cookie value, the parser uses an algorithm...

CVSS 7.8 · AI score 7.1 · EPSS 0.02303
Exploits 1 · References 241
BDU FSTEC
added 2024/08/14 12:00 a.m. · 10 views

The vulnerability of the TIFFReadEncodedStrip function in the LibTIFF library, which allows a hacker to trigger a service failure.

The vulnerability of the TIFFReadEncodedStrip function in the LibTIFF library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 5.5
Exploits 0 · References 5 · Affected Software 2
OSV
added 2024/07/23 4:15 p.m. · 8 views

CVE-2024-39702

In ljstrhash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...

CVSS 5.9 · AI score 6.9
Exploits 0 · References 1
Positive Technologies
added 2024/07/23 12:00 a.m. · 5 views

PT-2024-28641 · Openresty · Openresty

Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.19.3.1 through 1.25.3.1 Description: The string hashing function in OpenResty allows HashDoS (Hash Denial of Service) attacks, which can cause excessive resource usage during proxy operations via crafted requests. This can...

CVSS 5.9 · AI score 7.3 · EPSS 0.00556
Exploits 0 · References 8
SUSE CVE
added 2024/06/16 3:53 a.m. · 2 views

SUSE CVE-2024-28176

jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces...

CVSS 5.9 · AI score 7.4 · EPSS 0.02085
Exploits 0 · References 3
RedHat Linux
added 2024/06/13 2:34 p.m. · 2 views

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from the start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.01815
Exploits 1 · References 4
Positive Technologies
added 2024/06/12 12:00 a.m. · 3 views

PT-2024-4313 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 16.10.7 GitLab CE/EE versions 16.11 through 16.11.4 GitLab CE/EE versions 17.0 through 17.0.2 Description: An issue has been discovered in GitLab CE/EE that allows an attacker to cause a denial of service...

CVSS 6.8 · AI score 6.6 · EPSS 0.00575
Exploits 0 · References 14
CNNVD
added 2024/06/06 12:00 a.m. · 4 views

Kubeflow Security Vulnerabilities

Kubeflow is a cloud-native platform open-sourced by Kubeflow. A security vulnerability exists in Kubeflow that stems from a Regular Expression Denial of Service (ReDoS) weakness, where an attacker can cause an application to consume excessive CPU resources by providing specially...

CVSS 7.5 · AI score 6.7 · EPSS 0.00649
Exploits 1 · References 2
BDU FSTEC
added 2024/05/27 12:00 a.m. · 6 views

The vulnerability of the WSGI microweb framework for Python Bottle, related to improper handling of exception conditions, allows attackers to trigger a service failure.

The vulnerability of the WSGI Microweb framework for Python Bottle relates to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 10 · AI score 7.4 · EPSS 0.01869
Exploits 0 · References 6 · Affected Software 3
CNNVD
added 2024/05/14 12:00 a.m. · 3 views

octo-sts Security Vulnerability

octo-sts is Chainguard's GitHub security token service, open-sourced by octo-sts. A security vulnerability exists in octo-sts versions prior to 0.1.0, which stems from the fact that an unauthenticated attacker can cause unlimited CPU and memory usage...

CVSS 3.7 · AI score 4.8 · EPSS 0.00581
Exploits 0 · References 3
Positive Technologies
added 2024/05/10 12:00 a.m. · 1 view

PT-2024-25689

Name of the Vulnerable Software and Affected Versions octo-sts versions prior to 0.1.0 Description The issue can cause a spike in resource utilization of the STS service. When combined with significant traffic volume, it could potentially lead to a denial of service. Excessively large requests ca...

CVSS 3.7 · AI score 4.8 · EPSS 0.00581
Exploits 0 · References 9
Veracode
added 2024/04/29 11:39 a.m. · 19 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service. The vulnerability is due to insufficient limitation of the size of request paths that contain user inputs, allowing attackers to send large request paths, causing excessive resource usage...

CVSS 3.1 · AI score 6.8 · EPSS 0.00537
Exploits 0 · References 8 · Affected Software 1
NVD
added 2024/04/25 5:15 p.m. · 15 views

CVE-2024-1726

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...

CVSS 5.3 · AI score 5.2 · EPSS 0.00721
Exploits 0 · References 3
CVE
added 2024/04/25 4:29 p.m. · 125 views

CVE-2024-1726

Quarkus RESTEasy Reactive contains a denial-of-service vulnerability (CVE-2024-1726) where security checks for some inherited JAX-RS endpoints are performed after serialization, causing increased resource usage when an attacker knows POST/PUT/PATCH paths. This could lead to DoS as endpoints proce...

CVSS 5.3 · AI score 6.5 · EPSS 0.00721
Exploits 0 · References 3
Broadcom
added 2024/04/17 12:00 a.m. · 35 views

Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

CVSS 7.5 · AI score 6.8 · EPSS 0.03658
Exploits 0
Tenable Nessus
added 2024/04/17 12:00 a.m. · 24 views

RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 8 · AI score 7.1 · EPSS 0.01815
Exploits 1 · References 8
Debian CVE
added 2024/04/12 12:53 a.m. · 16 views

CVE-2023-6489

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00601
Exploits 0
OSV
added 2024/04/12 12:53 a.m. · 6 views

CVE-2023-6489 Inefficient Regular Expression Complexity in GitLab

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2, which allows an attacker to spike the GitLab instance's resource usage, resulting in service degradation via the chat integration feature...

CVSS 4.3 · AI score 6.3 · EPSS 0.00601
Exploits 0 · References 5
CNNVD
added 2024/03/21 12:00 a.m. · 7 views

WordPress Plugin Code Embed Resource Management Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A resource management error vulnerability...

CVSS 6.5 · AI score 8.7 · EPSS 0.00449
Exploits 0 · References 2