68 matches found
Design/Logic Flaw
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
CVE-2023-45150 Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
CVE-2023-3614
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file...
Mattermost 资源管理错误漏洞
Mattermost is an open source collaboration platform from the US company Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly validate gif image files, which allows an attacker to link to a specially crafted image file to make the server unresponsiv...
CVE-2023-36461
Summary: Mastodon is vulnerable to a Denial of Service via slow HTTP responses due to slowloris-type attacks when performing outgoing HTTP queries. The root cause is that, prior to 3.5.9, 4.0.5, and 4.1.3, Mastodon could allow the duration of a response to be extended indefinitely by a malicious ...
SUSE CVE-2017-14339
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive...
file-type: a malformed MKV file could cause the file type detector to get caught in an infinite loop
A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive...
CVE-2022-36313
A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive...
CVE-2022-35639
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932...
CVE-2022-35639
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932...
CVE-2021-27420
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
CVE-2021-27420 GE UR family input validation
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...
Uncontrolled Resource Consumption in Apache Tomcat
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
Mattermost: DoS via large console messages
Summary: When server console logging is enabled, it's possible to cause a complete denial of service to the server by submitting large text 64KB that gets output in the console log. This causes the server to become unavailable for all users. Steps To Reproduce: I set up my environment following t...
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2020-1355)
According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespac...
CVE-2019-5419
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
HTTP Unauthorized Brute Force Attempt
A remote attacker can exploit this vulnerability by using HTTP brute force attempt. These attacks are aimed to cause the server to crash or become unresponsive...
Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View Rails where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive...