CVE-2024-54682
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
CVE-2024-10776 SICK InspectorP61x and SICK InspectorP62x: missing authentication
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer...
SUSE: Security Advisory (SUSE-SU-2024:4212-1)
The remote host is missing an update for the...
RHEL 9 : libreswan (RHSA-2024:10594)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10594 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide...
CVE-2024-37045
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2024-37042
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2024-37042 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2024-37042
CVE-2024-37042 affects QNAP QTS and QuTS hero. A NULL pointer dereference vulnerability could allow remote attackers with administrator access to trigger a DoS. Affected versions include QTS before 5.2.1.2930 and QuTS hero before h5.2.1.2929; the issue is fixed in QTS 5.2.1.2930 build 20241025 an...
CVE-2024-37048 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2024-37048
CVE-2024-37048 is a NULL pointer dereference in QNAP QTS and QuTS hero. Affected are QTS 5.2.1.2930 build 20241025 and later, and QuTS hero h5.2.1.2929 build 20241025 and later. Impact is denial-of-service (DoS) via remote access with admin privileges; no user interaction required. Fixed in the s...
CVE-2024-53432
While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files...
K000148606: Spring vulnerability CVE-2021-22119
Security Advisory Description: Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. ...
Oracle Linux 9 : mod_auth_openidc (ELSA-2024-9180)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9180 advisory. 2.4.10-1: Rebase to 2.4.10 version; improves state cookies piling up problem; Resolves: RHEL-32450; Race condition in mod_auth_openidc filecache; Resolves: RHEL-25422...
CVE-2024-37155
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...
CVE-2024-37155 OpenCTI May Bypass Introspection Restriction
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed...
GHSA-W3C8-7R8F-9JP8 Spring MVC controller vulnerable to a DoS attack
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...
CVE-2024-38828
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...
UBUNTU-CVE-2024-38828
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...