Lucene search
+L

112 matches found

huntr
huntr
•added 2021/09/02 2:1 p.m.•14 views

Inefficient Regular Expression Complexity in nervjs/taro

āœļø Description A ReDoS regular expression denial of service flaw was found in the @tarojs/helper package. An attacker that is able to provide crafted input as url may cause an application to consume an excessive amount of CPU. šŸ•µļøā€ā™‚ļø Proof of Concept Create the following poc.mjs // PoC.mjs import...

7.8CVSS1.6AI score0.01262EPSS
Exploits1
nvd
nvd
•added 2021/08/30 8:15 p.m.•35 views

CVE-2021-39133

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...

7.2CVSS0.00453EPSS
Exploits0References2
prion
prion
•added 2021/08/30 8:15 p.m.•18 views

Cross site request forgery (csrf)

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...

6CVSS6.7AI score0.00453EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
•added 2021/08/30 8:15 p.m.•2 views

CVE-2021-39133

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...

7.2CVSS6.1AI score0.00453EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
•added 2021/08/30 12:0 a.m.•4 views

Rundeckč·Øē«™čÆ·ę±‚ä¼Ŗé€ ę¼ę“ž

Rundeck is an open source automation service with a web console, command line tools and WebAPI from Rundeck, Inc. that is primarily used to run automation tasks. a cross-site request forgery vulnerability exists in Rundeck, which stems from the fact that users with access to the "system" resource...

7.2CVSS5.7AI score0.00453EPSS
Exploits0References3
nessus
nessus
•added 2021/08/25 12:0 a.m.•28 views

F5 Networks BIG-IP : BIG-IP HTTP vulnerability (K93231374)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.6 / 13.1.4 / 14.1.4 / 15.1.3 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K93231374 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before...

7.5CVSS7.5AI score0.00933EPSS
Exploits0References2
huntr
huntr
•added 2021/07/18 3:31 p.m.•33 views

Inefficient Regular Expression Complexity in liriliri/licia

āœļø Description A ReDoS regular expression denial of service flaw was found in the licia package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar to https://nvd.nist.gov/vuln/detail/CVE-2020-28500 šŸ•µļøā€ā™‚ļø...

0.6AI score0.07336EPSS
Exploits1
huntr
huntr
•added 2021/07/16 3:30 p.m.•32 views

Inefficient Regular Expression Complexity in apidoc/apidoc-core

āœļø Description A ReDoS regular expression denial of service flaw was found in the apidoc-core package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref:...

0.2AI score0.03732EPSS
Exploits1
nvd
nvd
•added 2021/06/22 8:15 p.m.•16 views

CVE-2021-32699

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...

6.5CVSS0.00267EPSS
Exploits0References2
osv
osv
•added 2021/06/22 8:15 p.m.•16 views

CVE-2021-32699

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...

6.5CVSS6.4AI score
Exploits0References2
cnvd
cnvd
•added 2021/02/25 12:0 a.m.•1 views

AutoTrace Resource Management Error Vulnerability

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A resource management error vulnerability exists in Autotrace version 0.31.1, which arises from mismanagement of system resources e.g., memory, disk space, files, etc. by a networked system or product. No...

7.8CVSS6.5AI score0.00965EPSS
Exploits0References1
cnvd
cnvd
•added 2021/02/24 12:0 a.m.•9 views

Fleet Resource Management Error Vulnerability

Fleet is a host monitoring platform. A resource management error vulnerability exists in Fleet that arises from mismanagement of system resources e.g., memory, disk space, files, etc. by a networked system or product. No detailed vulnerability details are provided at this time...

4CVSS6.8AI score0.01941EPSS
Exploits0References1
bdu_fstec
bdu_fstec
•added 2021/02/08 12:0 a.m.•11 views

The vulnerability of the system resources management service of the Cisco Elastic Services Controller allows a attacker to trigger a service failure.

The vulnerability of the Cisco Elastic Services Controller, a system resource management service, is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

5.3CVSS7.1AI score0.02524EPSS
Exploits0References2Affected Software1
nvd
nvd
•added 2021/02/06 3:15 a.m.•34 views

CVE-2021-22292

There is a denial of service DoS vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...

7.8CVSS0.00904EPSS
Exploits0References1
prion
prion
•added 2021/02/06 3:15 a.m.•24 views

Denial of service

There is a denial of service DoS vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...

7.8CVSS7.3AI score0.00904EPSS
Exploits0References1Affected Software1
cvelist
cvelist
•added 2021/02/06 2:9 a.m.•34 views

CVE-2021-22292

There is a denial of service DoS vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS...

7.6AI score0.00904EPSS
Exploits0References1
nvd
nvd
•added 2021/01/20 8:15 p.m.•28 views

CVE-2021-1312

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

7.5CVSS6AI score0.02524EPSS
Exploits0References1
vulnrichment
vulnrichment
•added 2021/01/20 8:1 p.m.•9 views

CVE-2021-1312 Cisco Elastic Services Controller Denial of Service Vulnerability

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

5.3CVSS7AI score0.02524EPSS
Exploits0References1
cisco
cisco
•added 2021/01/20 4:0 p.m.•48 views

Cisco Elastic Services Controller Denial of Service Vulnerability

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

5.3CVSS6.2AI score0.02524EPSS
Exploits0References1
huawei
huawei
•added 2021/01/13 12:0 a.m.•23 views

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service DoS vulnerability in some Huawei products. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. Vulnerability ID: HWPSIRT-2020-01270 This...

7.8CVSS7.4AI score0.00904EPSS
Exploits0Affected Software1
Rows per page
Query Builder