Lucene search
K

477 matches found

RedHat Linux
RedHat Linux
added 2023/11/24 4:57 p.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.6 views

The vulnerability of the g_variant_byteswap() function in the Glib library, which allows a hacker to cause a service failure.

The vulnerability of the gvariantbyteswap function in the Glib library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.6AI score0.00376EPSS
Exploits0References14Affected Software7
Microsoft CVE
Microsoft CVE
added 2023/10/30 7:0 a.m.5 views

Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

...

8CVSS7.2AI score0.01072EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/10/25 2:22 p.m.54 views

Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF...

8CVSS7.1AI score0.01072EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2023/10/24 11:48 p.m.32 views

CVE-2023-46136 Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

8CVSS7.8AI score0.01072EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/10/20 2:54 p.m.3 views

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

7.5CVSS6.7AI score0.01231EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/10/20 2:54 p.m.68 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update

An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

9.8CVSS7.1AI score0.99999EPSS
Exploits19References11
OSV
OSV
added 2023/10/19 12:33 p.m.29 views

GHSA-72QW-P7HH-M3FF TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link

Summary The torbot.modules.validators.validatelink function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument.. Details...

4.6CVSS5.7AI score0.00797EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/10/18 7:59 a.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/17 9:24 a.m.6 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
Kitploit
Kitploit
added 2023/10/02 11:30 a.m.29 views

Apepe - Enumerate Information From An App Based On The APK File

Apepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language... Installing / Getting started A quick guide of how to install and u...

7.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/15 12:0 a.m.29 views

Oracle Linux 8 : python-werkzeug (ELSA-2023-12709)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-12709 advisory. - Fix CVE-2023-23934 Orabug: 35662419 - Fix CVE-2023-25577 Orabug: 35662419 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.5AI score0.0142EPSS
Exploits0References3
OSV
OSV
added 2023/08/11 3:15 a.m.4 views

DEBIAN-CVE-2023-28938

Uncontrolled resource consumption in some IntelR SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access...

4.4CVSS4.7AI score0.00226EPSS
Exploits0References1
Veracode
Veracode
added 2023/08/06 8:7 p.m.19 views

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists because the library causes excessive usage of resources when a maliciously crafted username is used when provisioning a new user...

4.3CVSS6.7AI score0.01036EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.2 views

PT-2023-25557 · Openstack · Openstack Neutron

Name of the Vulnerable Software and Affected Versions: openstack-neutron affected versions not specified Description: An uncontrolled resource consumption flaw was found in openstack-neutron, allowing a remote authenticated user to query a list of security groups for an invalid project. This issu...

6.5CVSS5.1AI score0.00969EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/07/14 2:4 a.m.3 views

SUSE CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

5.9CVSS6.9AI score0.00992EPSS
Exploits0References3
OSV
OSV
added 2023/07/13 9:15 a.m.3 views

DEBIAN-CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

4.9CVSS5.5AI score0.00992EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.52 views

RHEL 9 : openssl (RHSA-2023:3722)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3722 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

7.5CVSS7.2AI score0.73461EPSS
Exploits0References25
RedHat Linux
RedHat Linux
added 2023/06/21 2:51 p.m.79 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.9AI score0.73461EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2023/06/21 2:51 p.m.3 views

openssl: Denial of service by excessive resource usage in verifying X509 policy constraints

A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

7.5CVSS6.6AI score0.03658EPSS
Exploits0References5
Rows per page
Query Builder