Lucene search
K

68 matches found

Prion
Prion
added 2023/10/16 8:15 p.m.27 views

Design/Logic Flaw

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...

4CVSS4.6AI score0.00386EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/10/16 7:6 p.m.29 views

CVE-2023-45150 Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...

4.3CVSS4.9AI score0.00386EPSS
Exploits1References3
NVD
NVD
added 2023/07/17 4:15 p.m.20 views

CVE-2023-3614

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file...

4.3CVSS0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.4 views

Mattermost 资源管理错误漏洞

Mattermost is an open source collaboration platform from the US company Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly validate gif image files, which allows an attacker to link to a specially crafted image file to make the server unresponsiv...

4.3CVSS4.9AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2023/07/06 6:57 p.m.51 views

CVE-2023-36461

Summary: Mastodon is vulnerable to a Denial of Service via slow HTTP responses due to slowloris-type attacks when performing outgoing HTTP queries. The root cause is that, prior to 3.5.9, 4.0.5, and 4.1.3, Mastodon could allow the duration of a response to be extended indefinitely by a malicious ...

7.5CVSS7.5AI score0.01308EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.2 views

SUSE CVE-2017-14339

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive...

7.8CVSS7.5AI score0.02528EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/02/09 11:35 a.m.5 views

file-type: a malformed MKV file could cause the file type detector to get caught in an infinite loop

A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive...

5.5CVSS6.3AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/10 12:5 p.m.35 views

CVE-2022-36313

A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive...

5.5CVSS3.7AI score0.00389EPSS
Exploits0References3
NVD
NVD
added 2022/07/26 3:15 p.m.29 views

CVE-2022-35639

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932...

7.5CVSS0.0086EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/26 2:25 p.m.30 views

CVE-2022-35639

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932...

7.5CVSS7.3AI score0.0086EPSS
Exploits0References2
OSV
OSV
added 2022/03/23 8:15 p.m.4 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3CVSS6.4AI score0.0102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.8 views

CVE-2021-27420 GE UR family input validation

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3CVSS5.3AI score0.0102EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/09 11:1 p.m.92 views

Uncontrolled Resource Consumption in Apache Tomcat

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

7.5CVSS1.5AI score0.26699EPSS
Exploits0References32Affected Software2
Hacker One
Hacker One
added 2021/06/25 1:28 a.m.31 views

Mattermost: DoS via large console messages

Summary: When server console logging is enabled, it's possible to cause a complete denial of service to the server by submitting large text 64KB that gets output in the console log. This causes the server to become unavailable for all users. Steps To Reproduce: I set up my environment following t...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2020/06/26 4:27 p.m.34 views

CVE-2020-11996

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

7.5AI score0.26699EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2020/06/26 1:50 p.m.45 views

CVE-2020-11996

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

5CVSS1.4AI score0.26699EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.33 views

EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2020-1355)

According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespac...

7.5CVSS6.5AI score0.05415EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/10/30 4:28 a.m.39 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS4AI score0.08671EPSS
Exploits3References4
Check Point Advisories
Check Point Advisories
added 2019/07/17 12:0 a.m.2 views

HTTP Unauthorized Brute Force Attempt

A remote attacker can exploit this vulnerability by using HTTP brute force attempt. These attacks are aimed to cause the server to crash or become unresponsive...

1.2AI score
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2019/03/27 12:0 a.m.33 views

Allocation of Resources Without Limits or Throttling

There is a possible denial of service vulnerability in Action View Rails where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive...

7.8CVSS4.2AI score0.08671EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder