1117 matches found
CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...
GHSA-8H55-Q5QQ-P685 (ReDoS) Regular Expression Denial of Service in tf2-item-format
Summary Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. Tested Versions - 5.9.13 - 5.8.10 - 5.7.0 - 5.6.17 - 4.3.5 - 4.2.6 v5 Upgrade package to ^5.9.14 v4 No patch exists. Please consult the v...
(ReDoS) Regular Expression Denial of Service in tf2-item-format
Summary Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. Tested Versions - 5.9.13 - 5.8.10 - 5.7.0 - 5.6.17 - 4.3.5 - 4.2.6 v5 Upgrade package to ^5.9.14 v4 No patch exists. Please consult the v...
CVE-2024-21125
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2024-21177
CVE-2024-21177 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.37 and earlier, 8.4.0 and earlier. Issue: low-privileged attacker with network access via multiple protocols can cause a hang or frequent crash (DoS). CVSS: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Remediation/p...
RHEL 8 : git-lfs (RHSA-2024:4546)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4546 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
Microsoft Windows Multiple Vulnerabilities (KB5040442, Blast-RADIUS)
This host is missing an important security update according to Microsoft KB5040442 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...
SUSE-FU-2024:2078-1 Feature update for rabbitmq-server313, erlang26, elixir115
This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues: rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 jscPED-8414: - Security issues fixed: CVE-2021-22116: Fixed improper input validation that may lead to Denial of Sercice DoS...
CVE-2024-5211
A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...
PT-2024-35123 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: anything-llm affected versions not specified Description: A path traversal issue allows a manager to bypass the normalizePath function, enabling them to read, delete, or overwrite the 'anythingllm.db' database file and other files in the...
CVE-2024-34688
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...
CVE-2024-34688
CVE-2024-34688 affects SAP NetWeaver AS Java where unrestricted access to the Meta Model Repository services can let attackers cause DoS, impacting availability with no confidentiality/integrity impact. Affected product: SAP NetWeaver AS Java (Meta Model Repository). Root cause: unrestricted acce...
CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...
SUSE SLED15: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2024:1963-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1963-1 advisory. - CVE-2023-38709: Fixed HTTP response splitting bsc1222330. - CVE-2024-24795: Fixed HTTP respons...
SUSE-SU-2024:1963-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed HTTP response splitting bsc1222330. - CVE-2024-24795: Fixed HTTP response splitting in multiple modules bsc1222332. - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames can be utilized for DoS attacks bsc1221401...
RHEL 8 : 14_nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...
CVE-2024-36378
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens...
SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2024:1788-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1788-1 advisory. - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code bsc1222330. - CVE-2024-24795: Fixed handlin...