Lucene search
+L

235 matches found

Vulnrichment
Vulnrichment
added 2024/07/10 10:57 p.m.11 views

CVE-2024-6036 Denial of Service in gaizhenbiao/chuanhuchatgpt

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

7.5CVSS6.8AI score0.10849EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/10 10:57 p.m.27 views

CVE-2024-6036 Denial of Service in gaizhenbiao/chuanhuchatgpt

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

7.5CVSS0.10849EPSS
Exploits1References1
OSV
OSV
added 2024/07/10 10:57 p.m.5 views

CVE-2024-6036 Denial of Service in gaizhenbiao/chuanhuchatgpt

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

7.5CVSS7AI score0.10849EPSS
Exploits1References3
CVE
CVE
added 2024/07/10 10:57 p.m.58 views

CVE-2024-6036

CVE-2024-6036 affects gaizhenbiao/chuanhuchatgpt v20240410. A vulnerability allows any user to restart the server by sending a request to the /queue/join? endpoint with "fn_index":66, leading to service disruption and potential data integrity issues. Several connected sources corroborate the issu...

9.1CVSS7.4AI score0.10849EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.9 views

PT-2024-37334 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410 Description: A vulnerability allows any user to restart the server at will by sending a specific request to the "/queue/join?" endpoint with fn index:66. This unrestricted server restart capability...

9.1CVSS7.4AI score0.10849EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.4 views

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A resource management error vulnerability exists in ChuanhuChatGPT version 20240410, which originates from allowing any user to arbitrarily restart the server by sending a specific...

9.1CVSS6.8AI score0.10849EPSS
Exploits1References2
NVD
NVD
added 2024/06/24 7:15 p.m.30 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

6.5CVSS0.00254EPSS
Exploits1References1
OSV
OSV
added 2024/06/24 7:15 p.m.7 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

6.5CVSS6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/24 12:0 a.m.16 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

6.7AI score0.00254EPSS
Exploits1References1
CVE
CVE
added 2024/06/24 12:0 a.m.83 views

CVE-2021-45785

Summary of CVE-2021-45785 (TruDesk) : TruDesk Help Desk/Ticketing Solution v1.1.11 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to restart the server, causing a DoS. The attacker must lure a privileged user to visit a page containing a GET request to th...

6.5CVSS6.7AI score0.00254EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/06/24 12:0 a.m.23 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

0.00254EPSS
Exploits1References1
Citrix
Citrix
added 2024/04/11 12:0 a.m.8 views

Driver Disk for Microsemi smartpqi 2.1.28_025 - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- smartpqi| SAS/Storage Controller| 2.1.28025...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/10 12:21 p.m.3 views

argo-cd: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

A bypass of brute force protection flaw was found in Argo CD. Since login attempts are stored only in memory, every time the server restarts, that number is lost and unlimited login attempts can be made. It is possible to bypass brute force protections by chaining this issue with a denial of...

9.8CVSS5.7AI score0.00751EPSS
Exploits0References5
OSV
OSV
added 2024/02/29 10:14 p.m.15 views

GHSA-JQ57-3W7P-VWVV Docassemble unauthorized access through URL manipulation

Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...

7.5CVSS7.6AI score0.69486EPSS
Exploits2References4
Citrix
Citrix
added 2024/02/23 12:0 a.m.9 views

Driver Disk for Cisco enic 4.5.0.7-939.23 - For Citrix Hypervisor 8.2 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Cisco's enic driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- enic| Ethernet/NIC| 4.5.0.7-939.23 Issues resolved in...

7.1AI score
Exploits0
CNVD
CNVD
added 2023/12/13 12:0 a.m.50 views

Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97253)

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...

2.7CVSS6.8AI score0.00585EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/12 12:15 p.m.2 views

CVE-2023-48430

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...

2.7CVSS5.8AI score0.00585EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/12/12 12:15 p.m.6 views

CVE-2023-48429

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...

2.7CVSS5.8AI score0.00585EPSS
Exploits0References2
OSV
OSV
added 2023/12/12 12:15 p.m.6 views

CVE-2023-48430

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...

2.7CVSS5.7AI score0.00585EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 11:27 a.m.32 views

CVE-2023-48430

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...

2.7CVSS4AI score0.00585EPSS
Exploits0References1
Rows per page
Query Builder