630 matches found
CVE-2024-43789
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users...
CVE-2024-6036
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...
CVE-2024-42038
Vulnerability of PIN enhancement failures in the screen lock module. Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability...
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
...
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
...
What To Do When You’re Under a DDoS Attack: A Guide to Action
...
Denial Of Service (DoS)
Kube-controller-manager is vulnerable to denial of service. The vulnerability is due to a missing .spec.behavior.scaleUp block in the HPA YAML file, causing kube-controller-manager pods to enter a restart loop and disrupt service availability. It allows an attacker to trigger a DoS by deploying t...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
The vulnerability of the gsm_cleanup_mux() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gsm_cleanup_mux function in the drivers/tty/n_gsm.c kernel module of the Linux operating system is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...
Apache ZooKeeper Authentication Bypass Vulnerability
Apache ZooKeeper is a centralized service under the Apache Software Foundation for maintaining configuration information, naming, providing distributed synchronization, and providing group services. An authentication bypass vulnerability exists in Apache ZooKeeper versions prior to 3.9.3. The...
Apache ZooKeeper 3.9.x < 3.9.3 Authentication Bypass
The version of Apache ZooKeeper listening on the remote host is 3.9.x prior to 3.9.3. It is, therefore, affected by an authentication bypass vulnerability: - When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only...
CVE-2024-51504
An authentication bypass vulnerability was found in Apache Zookeeper. The default configuration of the client's IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication by spoofing the client's IP address in request...
GHSA-G93M-8X6H-G5GV Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...
CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
6 Steps for Cyber Resilience During the 2024 U.S. Presidential Election
Learn about the risks to service availability during the 2024 U.S. presidential election — and the six steps you can take now to ensure your cyber resilience...
The vulnerability of the formSetEnableWizard (/goform/formSetEnableWizard) function in D-Link DIR-605L router microprogramming software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formSetEnableWizard (/goform/formSetEnableWizard) function in D-Link DIR-605L router microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerabilities of the functions tcrit1store() and tcrit2store() in the Linux operating system’s kernel hwmon driver allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the functions tcrit1store and tcrit2store in the driver hwmon/lm95234.c of the Linux kernel’s hardware monitoring driver is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...