CVE-2024-6038
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filterhistory function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history...
DEBIAN-CVE-2024-57941
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled. When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until al...
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the...
CVE-2024-46464
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege...
Denial Of Service (DoS)
Matrix-synapse is vulnerable to Denial Of Service. The vulnerability is due to insufficient rate limiting, allowing unauthenticated adversaries to trigger excessive remote media downloads and caching, potentially causing disk exhaustion and service unavailability...
CVE-2024-47578
CVE-2024-47578 affects SAP NetWeaver AS Java and Adobe Document Service. A vulnerability in Adobe Document Service allows an attacker with administrator privileges to craft a request from a vulnerable web application, used to target internal systems behind firewalls, resulting in a Server-Side Re...
CVE-2024-55566
CVE-2024-55566 affects ColPack 1.0.10 through 9a7293a. A predictable temporary file in /tmp (name derived from an unseeded RNG) can lead to overwriting files or making ColPack graphing unavailable to other users. The provided documents do not specify the exact patched version; Fedora advisories n...
kernel: of: module: add buffer overflow check in of_modalias()
A buffer overflow flaw was found in of_modalias() in the Linux kernel, occurring after the first snprintf call. This issue could result in loss of availability of the system...
AXIS OS security vulnerability
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability: some Axis devices are vulnerable to attacks when processing certain Ethernet frames, which could result in Axis devices being unavailable in the network...
KLA77561 DoS vulnerability in Wireshark
A denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: wnpa-sec-2024-14 · FiveCo RAP dissector infinite loop. Related products: Wireshark. CVE list: CVE-2024-11595 (high). Solution: Update to the latest versio...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from STB unavailability detection...
PYSEC-2024-119
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DoS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT...
CVE-2024-7807
CVE-2024-7807 affects gaizhenbiao/chuanhuchatgpt at version 20240628, enabling unauthenticated Denial of Service via a crafted multipart boundary. An attacker can attach an excessive number of characters to the boundary, causing continuous processing and prolonged unavailability of the service. C...
CVE-2024-50311
CVE-2024-50311 affects OpenShift GraphQL batching, causing DoS through requests with thousands of aliases. Red Hat’s advisory RHSA-2024:6122 confirms a security update for OpenShift Container Platform 4.18.1 that addresses this issue; the CVSS base score is MEDIUM with availability impact. The af...
CVE-2024-50311
A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in o...
CVE-2024-9506
A flaw was found in Vue.js. Within the parseHTML function of html-parser.ts, there is a regular expression (regex) to check for proper closing tags for HTML. However, due to an improperly written regex, when you pass a script containing long text, it will trigger a regular expression denial of...
CVE-2024-9904
CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...
CVE-2024-45619
A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer...