3459 matches found
ISC DHCP Zero Length ClientID Denial of Service Module
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ISC DHCP Zero Length ClientID Denial of Service Module', 'Description' = %q This module performs a Denial of Service Attack against the ISC DHCP...
Microsoft IIS FTP Server LIST Stack Exhaustion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS FTP Server LIST Stack Exhaustion', 'Description' = %q This module triggers Denial of Service condition in the Microsoft Internet...
SAP Internet Graphics Server (IGS) XMLCHART XXE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Internet Graphics Server IGS XMLCHART XXE', 'Description' = %q This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities...
FreeBSD : md4c -- DoS attack (f2b1da2e-6178-11ef-8a7d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f2b1da2e-6178-11ef-8a7d-b42e991fc52e advisory. [email protected] reports: mdanalyzeline in md4c.c in md4c 0.4.7 allows attackers to trigger use of...
CVE-2024-45167
An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service DoS attacks and possibly remote code execution...
GO-2022-0456 DoS via malicious p2p message in Go Ethereum in github.com/ethereum/go-ethereum
DoS via malicious p2p message in Go Ethereum in github.com/ethereum/go-ethereum...
Nginx 1.5.13 - 1.27.0 Buffer Overread Vulnerability
Nginx is prone to a buffer overread in the ngxhttpmp4module. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
CVE-2024-36462
Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service DoS attack or degrade the performance of the affected...
CVE-2024-36462
Technical details about CVE-2024-36462 are not publicly provided in the connected documents. The sources describe generic uncontrolled resource consumption and DoS impact; no affected product/version or patch info is specified. Monitor for updates.
CVE-2024-36462 Allocation of resources without limits or throttling (uncontrolled resource consumption)
Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service DoS attack or degrade the performance of the affected...
GHSA-RG2Q-2JH9-447Q Gas mispricing in cosmwasm-vm
Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2 Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract cou...
Gas mispricing in cosmwasm-vm
Component: wasmvm Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmvm 1.5.4, 2.0.3, 2.1.2 Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract cou...
RUSTSEC-2024-0361 CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...
CVE-2024-3114
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
CVE-2024-3114 Uncontrolled Resource Consumption in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
CVE-2024-3114
CVE-2024-3114 affects GitLab CE/EE: versions 11.10 up to 17.0.6, 17.1 up to 17.1.4, and 17.2 up to 17.2.2 are vulnerable due to processing logic for parsing invalid commits that allows a regular expression denial-of-service (DoS) on the server. Impact is availability-related. Mitigations document...
CVE-2024-3114 Uncontrolled Resource Consumption in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...
CVE-2024-3114
Removed by vendor...
CVE-2024-41991
A flaw was found in Django. 'urlize', 'urlizetrunc', and 'AdminURLFieldWidget' may be subject to a denial of service attack via certain inputs with a very large number of Unicode characters. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...
CVE-2024-7409 Qemu: denial of service via improper synchronization in qemu nbd server during socket closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...