478 matches found
CVE-2024-24762
python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...
CVE-2024-24762 python-multipart vulnerable to content-type header Regular expression Denial of Service
python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...
Design/Logic Flaw
An infinite loop issue discovered in Mathtex 1.05 and before allows remote attackers to consume CPU resources via a crafted string in the application URL...
CVE-2023-51890
An infinite loop issue discovered in Mathtex 1.05 and before allows remote attackers to consume CPU resources via a crafted string in the application URL...
CVE-2023-49290
A flaw was found in JWX. This issue occurs when passing crafted input to the JWE key management algorithm, which may result in a denial of service by using an excessive amount of CPU resources...
Denial Of Service (DoS)
libsquid.so is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker sends a specially crafted HTTP Digest authentication request to a vulnerable Squid server. The request can cause the server to consume excessive CPU resources, leading to a DoS condition...
Amazon Linux AMI : php56 (ALAS-2023-1879)
The version of php56 installed on the remote host is prior to 5.6.40-1.144. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1879 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause...
F5 Networks BIG-IP : Expat XML parser vulnerability (K51011533)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 13.1.5 / 14.1.4.2 / 14.1.4.5 / 15.1.3 / 15.1.4 / 16.0.1.2 / 16.1.0 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K51011533 advisory. - In libexpat in Expat before 2.2.7, X...
Denial Of Service (DoS)
torbot is vulnerable to Denial of Service (DoS). An attacker is able to cause denial-of-service (DoS) conditions on a vulnerable system by exploiting a regular expression that has exponential complexity by tricking a user into opening a malicious link or by sending a specially crafted HTTP request ...
Denial Of Service (DoS)
Mosquitto is vulnerable to Denial of Service (DoS). This vulnerability exists in the packet__write function in packet_mosq.c because it does not properly validate user inputs, allowing an attacker to cause the mosquitto broker to consume excessive CPU resources by establishing a connection to the...
Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service
Summary: There are multiple vulnerabilities in Apache Xerces2 Java XML Parser, which is used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs: CVE-2012-0881, CVE-2013-4002, CVE-2022-23437. Vulnerability Details: CVEID: CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial...
CVE-2023-42503 Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...
Denial Of Service (DoS)
ryu is vulnerable to Denial of Service (DoS) attacks. The vulnerability occurs when Ryu parses a specially crafted OFPBundleCtrlMsg message with a queue length of zero, which results in an infinite loop, consuming excessive CPU resources and preventing other users from accessing the service...
Denial Of Service (DoS)
samba is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when Samba parses a specially crafted RPC request. If the request is valid, Samba will enter an infinite loop. This could cause Samba to consume excessive CPU resources and eventually crash...
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
Summary: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces_2.9.0.v201101211617-4.8.0.jar has been upgraded to org.apache.xerces_2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details: CVEID:CVE-2012-088...
K000133753: PHP vulnerability CVE-2023-0662
Security Advisory Description: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU...
Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Multiple Vulnerabilities (TNS-2023-18)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 or 6.0.0 and is therefore affected by multiple vulnerabilities in PHP prior to version 8.0.28 / 8.1.16 / 8.2.3: - In PHP 8.0.X before 8.0.28, 8.1.X before...
Security Bulletin: Vulnerabilities in Libxml2 affect System x Integrated Management Module (IMM) (CVE-2014-0191, CVE-2014-3660)
Summary: Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module (IMM). Vulnerability Details: CVE-ID:...
NewStart CGSL CORE 5.05 / MAIN 5.05 : xchat Multiple Vulnerabilities (NS-SA-2023-0021)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xchat packages installed that are affected by multiple vulnerabilities: - An error within the parse_rollei function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...