Lucene search
+L

112 matches found

vulnrichment
vulnrichment
added 2025/05/22 2:51 p.m.6 views

CVE-2025-5024 Gnome-remote-desktop: uncontrolled resource consumption due to malformed rdp pdus

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer bei...

7.4CVSS7.4AI score0.00822EPSS
Exploits0References13
veracode
veracode
added 2025/04/21 9:21 a.m.16 views

Sandbox Escape

CefSharp is vulnerable to Sandbox Escape. The vulnerability is due to improper handling of system resource handles in Mojo under certain unspecified conditions, allows a malicious file to exploit the flaw and escape the sandbox...

8.3CVSS6.7AI score0.08404EPSS
Exploits6References6Affected Software9
debian
debian
added 2025/04/06 11:23 p.m.12 views

[SECURITY] [DLA 4117-1] atop security update

Debian LTS Advisory DLA-4117-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara April 06, 2025 https://wiki.debian.org/LTS Package : atop Version : 2.6.0-2+deb11u1 CVE ID : CVE-2025-31160 It was discovered that Atop, a monitor tool for system resources...

2.9CVSS5.7AI score0.00192EPSS
Exploits0
cnnvd
cnnvd
added 2025/02/12 12:0 a.m.3 views

Intel System Security Report and System Resource Defense 竞争条件问题漏洞

Intel System Security Report and System Resource Defense is a security reporting and system resource defense firmware from Intel Corporation USA. Intel System Security Report and System Resource Defense suffers from a Competitive Condition Issue vulnerability that stems from the presence of a...

8.6CVSS6.5AI score0.00144EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/12 12:0 a.m.2 views

Intel System Security Report and System Resource Defense 竞争条件问题漏洞

Intel System Security Report and System Resources Defense is a security reporting and system resource defense firmware from Intel Corporation USA. Intel System Security Report and System Resource Defense suffers from a Competitive Condition Issue vulnerability that stems from the presence of a...

5.6CVSS5.6AI score0.00155EPSS
Exploits0References1
osv
osv
added 2025/02/06 7:9 a.m.11 views

BIT-CASSANDRA-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS8AI score0.00964EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/02/04 9:37 a.m.10 views

CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

7.3AI score0.00964EPSS
Exploits0References1
redhat
redhat
added 2024/12/12 8:0 p.m.9 views

spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

7.5CVSS7.3AI score0.14718EPSS
Exploits1References5
huntr
huntr
added 2024/10/28 4:42 a.m.6 views

Denial of Service(DOS) in KnowledgeBaseWebReader

Target Target Description KnowledgeBaseWebReader class recursively calls getarticleurls method. If the attacker can control a url variable to contain the root URL, it can lead to infinite recursive calls involving the same root URL repeatedly. This would cause a Denial of Service DoS scenario,...

5.9CVSS7.3AI score0.0064EPSS
Exploits1
veracode
veracode
added 2024/10/17 9:27 a.m.5 views

Denial Of Service (DoS)

The System.IO.Packaging library is vulnerable to Denial Of Service DoS. The vulnerability is due to the inadequate validation of untrusted inputs by the System.IO.Packaging library, allowing attackers to exploit complex operations and exhaust system resources...

7.5CVSS6.7AI score0.02935EPSS
Exploits0References5Affected Software4
redhat
redhat
added 2024/10/14 3:53 p.m.6 views

spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

7.5CVSS7.3AI score0.14718EPSS
Exploits1References5
osv
osv
added 2024/09/13 6:30 a.m.16 views

GHSA-CX7F-G6MP-7HQM Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.8AI score0.14718EPSS
Exploits1References5
osv
osv
added 2024/09/13 6:15 a.m.7 views

UBUNTU-CVE-2024-38816

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.7AI score0.14718EPSS
Exploits1References3
osv
osv
added 2024/08/16 2:15 p.m.7 views

CVE-2024-42464

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1
github
github
added 2024/06/28 9:5 p.m.23 views

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number ...

7.5CVSS7AI score0.00717EPSS
Exploits0References4Affected Software1
ibm
ibm
added 2024/06/20 6:24 p.m.24 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat [CVE-2023-52425]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat, caused by improper system resource allocation CVE-2023-52425. libexpat is included as a Base OS package used by our Speech Services. This vulnerabilitiy has been addressed...

7.5CVSS7.5AI score0.01815EPSS
Exploits1Affected Software1
ibm
ibm
added 2024/03/21 1:5 p.m.35 views

Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2023-52425).

Summary A security vulnerability has been disclosed in the Expat library libexpat, which is installed as part of IBM Tivoli Network Manager. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerab...

7.5CVSS6.8AI score0.01815EPSS
Exploits1Affected Software1
osv
osv
added 2024/03/06 11:7 a.m.32 views

BIT-NODE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

7.8CVSS7AI score0.77385EPSS
Exploits0References11
cve
cve
added 2024/02/20 9:3 a.m.68 views

CVE-2024-25606

XXE vulnerability in Liferay Portal and Liferay DXP tracked as CVE-2024-25606 affects multiple versions (Liferay Portal 7.2.0–7.4.3.7; DXP 7.2/7.3/7.4 with specific updates). The underlying issue is in the Java2WsddTask._format method, allowing an attacker with permission to deploy widgets/portle...

8.7CVSS7.4AI score0.00497EPSS
Exploits0References1Affected Software2
vulnrichment
vulnrichment
added 2023/07/25 12:50 p.m.22 views

CVE-2023-3486 PaperCut NG Unauthenticated File Upload

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected...

8.2CVSS7.3AI score0.75794EPSS
Exploits0References2
Rows per page
Query Builder