Lucene search
K

1117 matches found

OSV
OSV
added 2024/07/23 2:49 p.m.21 views

CVE-2024-41655 TF2 Item Format Regular Expression Denial of Service vulnerability

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

7.5CVSS6.7AI score0.00766EPSS
Exploits0References5
OSV
OSV
added 2024/07/23 2:10 p.m.6 views

GHSA-8H55-Q5QQ-P685 (ReDoS) Regular Expression Denial of Service in tf2-item-format

Summary Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. Tested Versions - 5.9.13 - 5.8.10 - 5.7.0 - 5.6.17 - 4.3.5 - 4.2.6 v5 Upgrade package to ^5.9.14 v4 No patch exists. Please consult the v...

8.7CVSS7.4AI score0.00766EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/07/23 2:10 p.m.18 views

(ReDoS) Regular Expression Denial of Service in tf2-item-format

Summary Versions of tf2-item-format since at least 4.2.6 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. Tested Versions - 5.9.13 - 5.8.10 - 5.7.0 - 5.6.17 - 4.3.5 - 4.2.6 v5 Upgrade package to ^5.9.14 v4 No patch exists. Please consult the v...

7.5CVSS6.7AI score0.00766EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2024/07/17 6:24 p.m.17 views

CVE-2024-21125

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS6AI score0.0085EPSS
Exploits0References4
CVE
CVE
added 2024/07/16 10:40 p.m.330 views

CVE-2024-21177

CVE-2024-21177 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.37 and earlier, 8.4.0 and earlier. Issue: low-privileged attacker with network access via multiple protocols can cause a hang or frequent crash (DoS). CVSS: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Remediation/p...

6.5CVSS6.4AI score0.0076EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/07/15 12:0 a.m.18 views

RHEL 8 : git-lfs (RHSA-2024:4546)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4546 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

7.5CVSS7.4AI score0.91969EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2024/07/10 12:0 a.m.60 views

Microsoft Windows Multiple Vulnerabilities (KB5040442, Blast-RADIUS)

This host is missing an important security update according to Microsoft KB5040442 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

9CVSS7.3AI score0.84345EPSS
Exploits2References7
Vulnrichment
Vulnrichment
added 2024/07/08 9:21 p.m.13 views

CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

5.3CVSS6.6AI score0.01866EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/06/19 6:13 a.m.16 views

CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5CVSS7.2AI score0.00618EPSS
Exploits1References2
OSV
OSV
added 2024/06/19 3:36 a.m.21 views

SUSE-FU-2024:2078-1 Feature update for rabbitmq-server313, erlang26, elixir115

This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues: rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 jscPED-8414: - Security issues fixed: CVE-2021-22116: Fixed improper input validation that may lead to Denial of Sercice DoS...

7.5CVSS6.3AI score0.01437EPSS
Exploits2References16
NVD
NVD
added 2024/06/12 12:15 p.m.30 views

CVE-2024-5211

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...

9.1CVSS0.01046EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.5 views

PT-2024-35123 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: anything-llm affected versions not specified Description: A path traversal issue allows a manager to bypass the normalizePath function, enabling them to read, delete, or overwrite the 'anythingllm.db' database file and other files in the...

9.1CVSS9.3AI score0.01046EPSS
Exploits1References6
NVD
NVD
added 2024/06/11 3:15 a.m.51 views

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

7.5CVSS0.00541EPSS
Exploits0References2
CVE
CVE
added 2024/06/11 2:2 a.m.83 views

CVE-2024-34688

CVE-2024-34688 affects SAP NetWeaver AS Java where unrestricted access to the Meta Model Repository services can let attackers cause DoS, impacting availability with no confidentiality/integrity impact. Affected product: SAP NetWeaver AS Java (Meta Model Repository). Root cause: unrestricted acce...

7.5CVSS7.5AI score0.00541EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/11 2:2 a.m.26 views

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

7.5CVSS6.8AI score0.00541EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.38 views

SUSE SLED15: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2024:1963-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1963-1 advisory. - CVE-2023-38709: Fixed HTTP response splitting bsc1222330. - CVE-2024-24795: Fixed HTTP respons...

7.5CVSS7AI score0.91327EPSS
Exploits2References10
OSV
OSV
added 2024/06/10 11:9 a.m.36 views

SUSE-SU-2024:1963-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed HTTP response splitting bsc1222330. - CVE-2024-24795: Fixed HTTP response splitting in multiple modules bsc1222332. - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames can be utilized for DoS attacks bsc1221401...

7.5CVSS6.8AI score0.91327EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.27 views

RHEL 8 : 14_nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...

7.5CVSS7.3AI score0.03906EPSS
Exploits1References4
NVD
NVD
added 2024/05/29 2:15 p.m.22 views

CVE-2024-36378

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens...

7.5CVSS5.8AI score0.00382EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.36 views

SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2024:1788-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1788-1 advisory. - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code bsc1222330. - CVE-2024-24795: Fixed handlin...

7.5CVSS7.1AI score0.91327EPSS
Exploits2References10
Rows per page
Query Builder