CVE-2024-48924 MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

CVE-2024-48924

CVE-2024-48924 affects MessagePack-CSharp: deserializing untrusted MessagePack data can cause DoS via hash collisions, causing high CPU usage and potential stack overflow. The issue mirrors an earlier hash-collision advisory and is mitigated by upgrading to a patched library version and applying ...

GHSA-4QM4-8HG2-G2XM MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialize...

CVE-2024-21263

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

Qnap QTS Allocation of Resources Without Limits or Throttling (CVE-2023-45028)

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service DoS attack via a network. We have already fixed the vulnerability in the...

AZL-50585 CVE-2024-21193 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVE-2024-21203

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

CVE-2024-47874

Starlette is an Asynchronous Server Gateway Interface ASGI framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...

CVE-2024-6762

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory...

CVE-2024-6959

A vulnerability (CVE-2024-6959) affects parisneo/lollms-webui version 9.8. The issue allows a Denial of Service when uploading an audio file by appending a large number of characters to the end of a multipart boundary, causing the system to repeatedly process each character and rendering the UI i...

CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...

btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality

Impact The btcd Bitcoin client versions 0.10 to 0.24 did not correctly re-implement Bitcoin Core's "FindAndDelete" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block or rejecting a...

CVE-2024-7294

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...

CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...

CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...

CVE-2024-7294

Progress Telerik Report Server (Progress) is affected by an HTTP DoS vulnerability on anonymous endpoints due to lack of rate limiting. The issue originates from uncontrolled resource consumption of anonymous requests, impacting availability. Affected versions are prior to 2024 Q3 (10.2.24.806). ...

CVE-2024-8454 PLANET Technology switch devices - Swctrl service DoS attack

The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service...

CVE-2024-8451 PLANET Technology switch devices - SSH server DoS attack

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service...

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...