Lucene search
K

16 matches found

OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 11:51 a.m.3 views

OPENSUSE-SU-2026:21057-1 Security update for libssh2_org

This update for libssh2org fixes the following issues - CVE-2026-55199: pre-Authentication DoS via SSHMSGEXTINFO Handler bsc1268530. - CVE-2026-55200: out-of-Bounds write via Unchecked packetlength in transport.c bsc1268531...

9.2CVSS7.4AI score0.00732EPSS
Exploits11References4
Cvelist
Cvelist
added 2026/06/17 6:44 p.m.27 views

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS0.00408EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/17 6:44 p.m.5 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SSHMSGEXTINFO handler during the initial handshake process. An attacker can cause the client application to become unresponsive by sending a crafted extension count value that triggers an infini...

8.2CVSS7AI score0.00408EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 7:50 a.m.6 views

SUSE-SU-2026:1868-1 Security update for firebird

This update for firebird fixes the following issues - CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer = 4 server bsc1262330. - CVE-2026-27890: Pre-Auth DOS bsc1262328. - CVE-2026-28212: One packet DoS bsc1262329. - CVE-2026-28214: Server hangs when using...

9.9CVSS5.9AI score0.01133EPSS
Exploits8References19
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

SUSE SLES16 Security Update : dovecot24 (SUSE-SU-2026:21208-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21208-1 advisory. - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031:...

8.2CVSS5.9AI score0.0079EPSS
Exploits6References31
Vulnrichment
Vulnrichment
added 2026/04/09 2:52 p.m.2 views

CVE-2026-35040 fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are statef...

5.3CVSS5.8AI score0.00383EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/30 9:42 p.m.10 views

CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/03/24 4:57 a.m.11 views

MGASA-2024-0086 Updated nodejs-hawk packages fix security vulnerability

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...

7.5CVSS6.6AI score0.01028EPSS
Exploits0References5
OSV
OSV
added 2023/12/04 11:15 p.m.5 views

CVE-2023-40459

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

7.5CVSS5.8AI score0.02296EPSS
Exploits2References1
F5 Networks
F5 Networks
added 2023/02/21 7:52 p.m.41 views

K15566: Kerberos vulnerability CVE-2014-4345

Security Advisory Description Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause...

8.5CVSS7.5AI score0.08085EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/11 8:38 p.m.8 views

CVE-2022-4498 A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.7AI score0.01781EPSS
Exploits0References1
NVD
NVD
added 2018/07/10 7:29 p.m.17 views

CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkitbackendinteractiveauthoritycheckauthorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informati...

4.7CVSS4.6AI score0.01196EPSS
Exploits0References5
n0where
n0where
added 2018/04/26 5:10 p.m.196 views

Wireless GUI Android Security Assessment: Hijacker

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng , MDK3 and Reaver . It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with an...

0.4AI score
Exploits0References2
Exploit DB
Exploit DB
added 2016/05/10 12:0 a.m.39 views

Core FTP Server 32-bit Build 587 - Heap Overflow

-- coding: cp1252 -- Exploit Title: Core FTP Server 32-bit - Build 587 Heap Overflow Date: 05/10/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.coreftp.com/ Vulnerable Version Download: http://coreftp.com/server/download/archive/CoreFTPServer587.exe...

7.4AI score
Exploits0
NVD
NVD
added 2007/02/08 6:28 p.m.19 views

CVE-2006-6981

3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service blocked account via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten...

5CVSS6.8AI score0.01202EPSS
Exploits0References2
Rows per page
Query Builder