92 matches found
EUVD-2024-1025
Malicious code in bioql PyPI...
EUVD-2024-21278
Malicious code in bioql PyPI...
PT-2025-32158
Name of the Vulnerable Software and Affected Versions Hugging Face Transformers versions up to 4.51.3 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the convert tf weight name to pt weight name function of the Hugging Face Transformers library. This function, whi...
Denial Of Service (DoS)
resolv library is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient validation of the length of a decompressed domain name in a DNS packet, which allows an attacker to craft a maliciously compressed DNS packet that consumes excessive CPU during name decompression...
CVE-2025-42954
CVE-2025-42954 affects SAP NetWeaver Business Warehouse CCAW. A privileged attacker can cause high CPU load by calling RFC-enabled function modules without input parameters, leading to reduced availability (low impact) with no confidentiality or integrity impact. Public details across sources con...
CVE-2020-20248
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...
CVE-2020-20221
Mikrotik RouterOs before 6.44.6 long-term tree suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...
CVE-2020-20230
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...
CVE-2025-1194
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-21601
An Improper Following of Specification by Caller vulnerability in web management J-Web, Captive Portal, 802.1X, Juniper Secure Connect JSC of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine...
CVE-2025-29908
Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections...
Linux Distros Unpatched Vulnerability : CVE-2023-29408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms o...
CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...
SUSE CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
SUSE-SU-2024:1273-1 Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001335 fixes one issue. The following security issue was fixed: - CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU bsc1219296...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
OESA-2024-1324 bind security update
Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: The DNS...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...