CVE-2024-12663
A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The...
CVE-2024-8233 Inefficient Algorithmic Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request...
cpython: python: Uncontrolled CPU resource consumption in the http.cookies module
A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...
CVE-2024-12483
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...
GitLab 9.4 < 17.4.6 / 17.5 < 17.5.4 / 17.6 < 17.6.2 (CVE-2024-8233)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Inefficient Algorithmic Complexity in GitLab (CVE-2024-8233). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2024-12483 Dromara UJCMS User ID id authorization
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...
CVE-2024-12483
CVE-2024-12483 affects Dromara UJCMS up to version 9.6.3, via an insecure direct object reference in the file path component “/users/id” of the User ID Handler. The vulnerability enables unauthenticated or remote exploitation that leads to an authorization bypass, with attackers able to discover ...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to inefficient algorithmic complexity, allows attackers to trigger service interruptions.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to its inefficient algorithmic complexity. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service interruptions...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to inefficient algorithmic complexity, allows attackers to trigger service interruptions.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to its inefficient algorithmic complexity. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a specially created file called...
GHSA-C2PC-G5QF-RFRF league/commonmark's quadratic complexity bugs may lead to a denial of service
Impact: Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...
league/commonmark's quadratic complexity bugs may lead to a denial of service
Impact: Several polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service. Malicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case...
The vulnerability of the Ruby Syntax Detector component of the JetBrains YouTrack project management and task management software allows a hacker to trigger a service failure.
The vulnerability of the Ruby Syntax Detector component of the JetBrains YouTrack project management and task management software is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
Regular Expression Denial of Service (ReDoS)
Description: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the Transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single function, where a regular expression processes specially crafted input. The issue...
How to Modify the Security & Compliance Analyzer's Password Complexity and Length Validation Check
Purpose: This article documents how to adjust the Encryption Password Complexity and Length Validation check portion of the Security & Compliance Analyzer. Starting in Veeam Backup & Replication 12.3, encryption passwords will automatically be checked to see if they meet specific length and...
Why Cybercriminals Are Not Necessarily Embracing AI
As published in HackerNoon and featured as a “Top 20 Best Read Article” for AI. Introduction: The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks. As an example, recently OpenAI reported threat actors abusing...
The vulnerability of the software platform based on Git for collaborative code development in GitLab EE/CE lies in its algorithmic complexity, which allows attackers to trigger service interruptions.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service interruptions...
CVE-2024-52008
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
CVE-2024-52008
Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...