
477 matches found

Snyk
added 2024/03/12 8:7 p.m. | 1 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to the handling of specially crafted requests that may cause a resource leak. An attacker can cause a denial of service by sending these requests. Details: Denial of Service (DoS) describes a family of attacks, al...

CVSS 7.5 | AI score 7.1 | EPSS 0.03065
Exploits 0 | References 2

OSV
added 2024/03/09 1:15 a.m. | 2 views

UBUNTU-CVE-2024-28176

jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces...

CVSS 5.9 | AI score 6.6 | EPSS 0.02085
Exploits 0 | References 5

OSV
added 2024/03/06 11:17 a.m. | 14 views

BIT-GITLAB-2021-39914

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user...

CVSS 5 | AI score 4.4 | EPSS 0.01036
Exploits 0 | References 3

OSV
added 2024/03/06 11:2 a.m. | 16 views

BIT-DISCOURSE-2022-46159 Any authenticated Discourse user can create an unlisted topic

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...

CVSS 4.3 | AI score 4.7 | EPSS 0.00605
Exploits 0 | References 3

OSV
added 2024/03/06 10:58 a.m. | 29 views

BIT-JENKINS-2022-0538

Jenkins LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage...

CVSS 7.5 | AI score 7.5 | EPSS 0.03841
Exploits 0 | References 3

OSV
added 2024/03/06 10:54 a.m. | 19 views

BIT-CONSUL-2020-7219

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3...

CVSS 7.5 | AI score 7.4 | EPSS 0.0201
Exploits 0 | References 3

BDU FSTEC
added 2024/02/28 12:0 a.m. | 6 views

Vulnerability of software for analyzing computer system resource usage in Intel System Usage Reports, related to improperly used standard permissions, allows attackers to increase their privileges.

The vulnerability of software for analyzing computer system resources in the Intel System Usage Report is related to the improper use of standard permissions. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS 6.7 | AI score 6.6 | EPSS 0.00167
Exploits 0 | References 3 | Affected Software 1

RedHat Linux
added 2024/02/27 10:49 p.m. | 3 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits 19 | References 9

CNNVD
added 2024/02/26 12:0 a.m. | 3 views

Suricata security breach

Suricata is a suite of network Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and network security monitoring engines developed by the Open Information Security Foundation (OISF) and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...

CVSS 7.5 | AI score 6.5 | EPSS 0.01164
Exploits 0 | References 18

BDU FSTEC
added 2024/02/20 12:0 a.m. | 5 views

The vulnerability of the DNSSEC component of the DNS server BIND implementation allows an attacker to cause service failures.

The vulnerability of DNSSEC implementation in DNS server BIND is related to algorithmic complexity and unlimited resource distribution during the creation of a DNS zone. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 6.8 | EPSS 0.81729
Exploits 1 | References 25 | Affected Software 11

OpenVAS
added 2024/02/15 12:0 a.m. | 27 views

PowerDNS Recursor Multiple DoS Vulnerabilities (2024-01, KeyTrap)

PowerDNS Recursor is prone to multiple denial of service (DoS) vulnerabilities...

CVSS 7.5 | AI score 7.9 | EPSS 0.99995
Exploits 1 | References 2

SUSE CVE
added 2024/02/13 3:59 a.m. | 3 views

SUSE CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

CVSS 5.3 | AI score 8.9 | EPSS 0.00884
Exploits 0 | References 4

CNNVD
added 2024/02/13 12:0 a.m. | 3 views

Honeywell Niagara Framework Resource Management Error Vulnerability

Honeywell Niagara Framework is a platform for open building automation and Internet of Things (IoT) solutions from Honeywell. A denial of service vulnerability exists in Honeywell Niagara Framework that stems from uncontrolled resource consumption. An attacker could exploit the vulnerability to cau...

CVSS 7.5 | AI score 6.6 | EPSS 0.00988
Exploits 0 | References 6

OSV
added 2024/02/12 2:15 p.m. | 2 views

DEBIAN-CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

CVSS 5.3 | AI score 5.5 | EPSS 0.00884
Exploits 0 | References 1

Positive Technologies
added 2024/02/07 12:0 a.m. | 2 views

PT-2024-14946 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.11 through 16.6.6; GitLab CE/EE versions 16.7 through 16.7.4; GitLab CE/EE versions 16.8 through 16.8.1. Description: A denial of service issue was identified in GitLab CE/EE, which allows an attacker to increase the...

CVSS 7.5 | AI score 6.6 | EPSS 0.00492
Exploits 0 | References 15

Positive Technologies
added 2024/02/02 12:0 a.m. | 3 views

PT-2024-1623 · Qnap · Qnap Qts +2

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.5.2645 build 20240116; QNAP QuTS hero versions prior to h5.1.5.2647 build 20240118; QNAP QuTScloud versions prior to c5.1.5.2651. Description: An uncontrolled resource consumption issue has been reported, potential...

CVSS 6.1 | AI score 4.9 | EPSS 0.00437
Exploits 0 | References 6

Cvelist
added 2024/01/12 12:56 a.m. | 29 views

CVE-2024-21616 Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a...

CVSS 7.5 | AI score 7.7 | EPSS 0.00531
Exploits 0 | References 2

NVD
added 2023/12/29 5:16 p.m. | 39 views

CVE-2023-51663

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

CVSS 5.3 | EPSS 0.00367
Exploits 0 | References 1

BDU FSTEC
added 2023/12/06 12:0 a.m. | 5 views

The vulnerability of the Mastodon web application for deploying distributed social networks, related to the unlimited distribution of resources, allows a hacker to cause a service failure.

The vulnerability of the Mastodon web application for deploying distributed social networks is related to the unlimited distribution of resources during HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.3 | EPSS 0.01143
Exploits 0 | References 7 | Affected Software 1

BDU FSTEC
added 2023/12/04 12:0 a.m. | 3 views

The vulnerability of the Knative Serving deployment and application management tool, related to uncontrolled resource consumption, allows an attacker to cause service failures.

The vulnerability of the Knative Serving deployment and application management tool is related to uncontrolled resource consumption when processing endpoints in the /metrics directory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 6.8 | AI score 6.4 | EPSS 0.00867
Exploits 0 | References 5 | Affected Software 1