Lucene search
K

2565 matches found

Vulnrichment
Vulnrichment
added 2023/11/28 5:59 p.m.9 views

CVE-2023-42504 Apache Superset: Lack of rate limiting allows for possible denial of service

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0...

5.8CVSS5.8AI score0.0114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.4 views

PT-2023-28378 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.0 Description: The issue allows an authenticated malicious user to initiate multiple concurrent requests, each requesting multiple dashboard exports. This could lead to a possible denial of service...

6.5CVSS7AI score0.0114EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/11/21 12:0 a.m.4 views

The vulnerability of the `qxl_gem_object_create_with_handle()` function in the `drivers/gpu/drm/qxl/qxl_gem.c` file of the Linux operating system’s kernel driver QXL allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the qxlgemobjectcreatewithhandle function in the drivers/gpu/drm/qxl/qxlgem.c driver of the Linux operating system is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to...

7.5CVSS6.4AI score0.0042EPSS
Exploits0References24Affected Software2
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.8 views

The getPriceAndFee() function performs calculations without implementing reentrancy protection.

Lines of code Vulnerability details Impact An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept getPriceAndF...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.3 views

kernel: drm/i915/active: Fix misuse of non-idle barriers as fence trackers

In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list corruptions when using i915 perf with a number of concurrently running graphics applications. Root cause analysis pointed at an issu...

5.5CVSS6.3AI score0.00162EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.3 views

kernel: net/sched: flower: fix filter idr initialization

A flaw was found in the Linux kernel’s networking traffic control flower classifier. The initialization of the filter IDR was moved too early in the flchange path, allowing concurrent access by multiple users while the structure was still in an inconsistent state. Under certain conditions, this...

5.8AI score0.00155EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.2 views

kernel: iommufd: IOMMUFD_DESTROY should not increase the refcount

A race condition was identified in the iommufd subsystem of the Linux kernel where the IOMMUFDDESTROY command incorrectly increments an object’s reference count without holding the expected exclusive synchronization destroyrwsem. This violates the assumption that temporary reference count...

7.3AI score0.00155EPSS
Exploits0References5
OSV
OSV
added 2023/11/01 10:39 p.m.139 views

GO-2023-2153 Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc

An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, grpc.MaxConcurrentStreams. This results in a denial of...

7.5CVSS7.7AI score0.99999EPSS
Exploits19References2
OSV
OSV
added 2023/10/25 9:17 p.m.59 views

GHSA-M425-MQ94-257G gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References5
Github Security Blog
Github Security Blog
added 2023/10/25 9:17 p.m.98 views

gRPC-Go HTTP/2 Rapid Reset vulnerability

Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 2:22 p.m.54 views

Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Werkzeug multipart data parser needs to find a boundary that may be between consecutive chunks. That's why parsing is based on looking for newline characters. Unfortunately, code looking for partial boundary in the buffer is written inefficiently, so if we upload a file that starts with CR or LF...

8CVSS7.1AI score0.01072EPSS
Exploits0References9Affected Software1
Talos Blog
Talos Blog
added 2023/10/11 11:6 p.m.59 views

What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service DDoS attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflares blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future...

5CVSS7.2AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/10/11 10:15 p.m.15 views

AZL-31310 CVE-2023-39325 affecting package golang for versions less than 1.20.7-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.8 views

AZL-33330 CVE-2023-39325 affecting package packer for versions less than 1.8.7-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.12 views

AZL-37440 CVE-2023-39325 affecting package golang for versions less than 1.21.6-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.13 views

AZL-34996 CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.8 views

AZL-43741 CVE-2023-39325 affecting package nmi 1.8.17-6

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.15 views

AZL-39652 CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl4-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.11 views

AZL-31646 CVE-2023-39325 affecting package moby-containerd for versions less than 1.6.22-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
OSV
OSV
added 2023/10/11 10:15 p.m.11 views

AZL-35514 CVE-2023-39325 affecting package kata-containers for versions less than 3.2.0.azl2-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
Rows per page
Query Builder