68 matches found
Synchronous Access of Remote Resource without Timeout
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout by using the option for connecting to an external filesystem via the sshfs-client. An attacker can cause the...
CVE-2024-8763
A Regular Expression Denial of Service ReDoS vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...
CVE-2024-12777
The CVE-2024-12777 entry describes a Denial of Service in aimhubio/aim 3.25.0 caused by misuse of the sshfs-client. The tracking server is single-threaded and can become unresponsive when asked to connect to an unresponsive socket via sshfs. The root cause is the lack of an additional timeout in ...
CVE-2025-0191 Denial of Service in gaizhenbiao/chuanhuchatgpt
A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...
CVE-2025-0191
CVE-2025-0191 affects gaizhenbiao/chuanhuchatgpt (v20240914). The DoS arises from improper handling of form-data with an oversized filename in the file-upload function. A payload with a very large filename can overwhelm the server, making it unresponsive and unavailable to legitimate users. The C...
CVE-2025-0191 Denial of Service in gaizhenbiao/chuanhuchatgpt
A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...
CVE-2025-0187 Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio
A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...
CVE-2025-0187 Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio
A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...
CVE-2024-12778 Denial of Service in aimhubio/aim
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...
CVE-2024-12537
Summary: CVE-2024-12537 affects open-webui/open-webui v0.3.32, where unauthenticated access to /api/v1/utils/code/format can be abused by a high-volume POST to trigger unresponsiveness. Documented impact is denial of service / service degradation. A remediation is available: upgrade to open-webui...
CVE-2024-8763 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
A Regular Expression Denial of Service ReDoS vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...
CVE-2024-7765 Denial of Service in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
Aim 资源管理错误漏洞
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.25.0 suffers from a resource management error vulnerability that stems from the tracking server's susceptibility to denial-of-service attacks, which may cause the server to be...
DEBIAN-CVE-2024-8418
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...
UBUNTU-CVE-2024-8418
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...
CVE-2024-8418 Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...
CVE-2024-8418
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...
BIT-TOMCAT-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive...
BIT-MATTERMOST-2023-3614
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file...
dotnet: .NET Denial of Service Vulnerability
A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...