Lucene search
K

68 matches found

Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Synchronous Access of Remote Resource without Timeout

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout by using the option for connecting to an external filesystem via the sshfs-client. An attacker can cause the...

8.2CVSS7AI score0.00442EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-8763

A Regular Expression Denial of Service ReDoS vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...

7.5CVSS6.9AI score0.00761EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:11 a.m.55 views

CVE-2024-12777

The CVE-2024-12777 entry describes a Denial of Service in aimhubio/aim 3.25.0 caused by misuse of the sshfs-client. The tracking server is single-threaded and can become unresponsive when asked to connect to an unresponsive socket via sshfs. The root cause is the lack of an additional timeout in ...

5.9CVSS5.7AI score0.00442EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:10 a.m.5 views

CVE-2025-0191 Denial of Service in gaizhenbiao/chuanhuchatgpt

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

6.5CVSS6.6AI score0.00544EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:10 a.m.58 views

CVE-2025-0191

CVE-2025-0191 affects gaizhenbiao/chuanhuchatgpt (v20240914). The DoS arises from improper handling of form-data with an oversized filename in the file-upload function. A payload with a very large filename can overwhelm the server, making it unresponsive and unavailable to legitimate users. The C...

6.5CVSS6.5AI score0.00544EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2025-0191 Denial of Service in gaizhenbiao/chuanhuchatgpt

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

6.5CVSS0.00544EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.12 views

CVE-2025-0187 Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio

A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

7.5CVSS7.6AI score0.00681EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.16 views

CVE-2025-0187 Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio

A Denial of Service DoS vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

7.5CVSS0.00681EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.4 views

CVE-2024-12778 Denial of Service in aimhubio/aim

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS7.5AI score0.00727EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.89 views

CVE-2024-12537

Summary: CVE-2024-12537 affects open-webui/open-webui v0.3.32, where unauthenticated access to /api/v1/utils/code/format can be abused by a high-volume POST to trigger unresponsiveness. Documented impact is denial of service / service degradation. A remediation is available: upgrade to open-webui...

7.5CVSS7.7AI score0.00879EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.4 views

CVE-2024-8763 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary

A Regular Expression Denial of Service ReDoS vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...

7.5CVSS7.4AI score0.00761EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.12 views

CVE-2024-7765 Denial of Service in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS0.00719EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

Aim 资源管理错误漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.25.0 suffers from a resource management error vulnerability that stems from the tracking server's susceptibility to denial-of-service attacks, which may cause the server to be...

7.5CVSS7.4AI score0.0059EPSS
Exploits1References1
OSV
OSV
added 2024/09/04 3:15 p.m.2 views

DEBIAN-CVE-2024-8418

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

7.5CVSS7.2AI score0.00759EPSS
Exploits1References1
OSV
OSV
added 2024/09/04 3:15 p.m.2 views

UBUNTU-CVE-2024-8418

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

7.5CVSS5.7AI score0.00759EPSS
Exploits1References8
OSV
OSV
added 2024/09/04 2:24 p.m.7 views

CVE-2024-8418 Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

7.5CVSS7AI score0.00759EPSS
Exploits1References9
AlpineLinux
AlpineLinux
added 2024/09/04 2:24 p.m.13 views

CVE-2024-8418

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

7.5CVSS7.3AI score0.00759EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:11 a.m.175 views

BIT-TOMCAT-2020-11996

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive...

7.5CVSS7.1AI score0.26699EPSS
Exploits0References25
OSV
OSV
added 2024/03/06 10:59 a.m.23 views

BIT-MATTERMOST-2023-3614

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file...

4.3CVSS4.2AI score0.00317EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/10 3:44 p.m.4 views

dotnet: .NET Denial of Service Vulnerability

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

6.8CVSS5.7AI score0.02868EPSS
Exploits0References5
Rows per page
Query Builder