3459 matches found
CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...
CVE-2024-38828
CVE-2024-38828: Spring MVC controller methods with an @RequestBody byte[] parameter are vulnerable to DoS (Uncontrolled Resource Consumption). Publicly documented in IBM OpenPages and related Bulletins; impact centers on Spring MVC data binding and request body handling. Remediation in affected I...
CVE-2024-24458
An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload...
CVE-2024-24458
The CVE-2024-24458 entry describes an invalid memory access in the ENB Configuration Transfer message handling of Athonet vEPC MME v11.4.0. The underlying issue allows an attacker to trigger a Denial of Service on the cellular network by repeatedly initiating connections and sending a crafted pay...
CVE-2024-24457
Athonet vEPC MME v11.4.0 is affected by an invalid memory access in the ProtocolIE_ID handling of E-RAB Setup List Context SURes messages. This vulnerability can allow an attacker to cause a Denial of Service to the cellular network by repeatedly initiating connections and sending a crafted paylo...
Medium: python38-pip
Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode (CVE-2024-3651) Affected Packages: python38-pip Note: This advisory is applicable to Amazon Linux 2 - Python3.8 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and th...
CVE-2024-38826 Cloud Controller Denial of Service Attack
Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: Upgrade capi release version to 1.194.0 or...
RockyLinux 9 : mod_http2 (RLSA-2024:8680)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8680 advisory. mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387) Tenable has extracted the preceding description block directly from the RockyLinux security...
CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
CVE-2024-51428
An issue in Espressif ESP-IDF v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...
A malicious gguf model can lead to DoS due to unchecked null pointer dereference via network
This report is not public...
Medium: python-pip
Issue Overview: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode (CVE-2024-3651) Affected Packages: python-pip Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Progress Telerik Report Server <= 10.2.24.709 Multiple Vulnerabilities (September 2024)
The version of Progress Telerik Report Server installed on the remote host is affected by multiple vulnerabilities: - A credential stuffing attack is possible through improper restriction of excessive login attempts. (CVE-2024-7292) - A password brute forcing attack is possible through weak passwor...
CVE-2024-8185
A flaw was found in HashiCorp Vault. Clusters using Vault’s Integrated Storage backend are vulnerable to a denial of service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint. This flaw allows an attacker to send a large volume of requests to the endpoint, which may...
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service Vulnerability
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without...
CVE-2024-7807
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT...
PYSEC-2024-119
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT...
CVE-2024-7807
CVE-2024-7807 affects gaizhenbiao/chuanhuchatgpt at version 20240628, enabling unauthenticated Denial of Service via a crafted multipart boundary. An attacker can attach an excessive number of characters to the boundary, causing continuous processing and prolonged unavailability of the service. C...
CVE-2024-21203
...
Eclipse Jetty DoS Vulnerability (GHSA-g8m5-722r-8whq) - Linux
Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...