3459 matches found

CVE
added 2024/07/03 4:44 p.m., 67 views

CVE-2024-3332

CVE-2024-3332 describes a vulnerability where a malicious Bluetooth Low Energy device can trigger a specific packet sequence that leads to a denial-of-service (DoS) on the victim BLE device. Multiple sources tie this to a null pointer dereference in Zephyr OS components (notably libzephyr.so) and...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00446
Exploits: 1, References: 1, Affected Software: 1
UbuntuCve
added 2024/07/03 3:15 p.m., 12 views

CVE-2024-6126

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack...

CVSS: 3.2, AI score: 5.8, EPSS: 0.00266
Exploits: 0, References: 4
Debian CVE
added 2024/07/03 2:51 p.m., 7 views

CVE-2024-6126

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack...

CVSS: 3.2, AI score: 4.4, EPSS: 0.00266
Exploits: 0
Veracode
added 2024/07/02 8:19 a.m., 16 views

Prototype Pollution

@cahil/utils is vulnerable to Prototype Pollution. The vulnerability is due to missing checks in the set function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00693
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2024/07/01 3:32 p.m., 14 views

jsonic was discovered to contain a prototype pollution via the function empty.

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS: 9.8, AI score: 8.2, EPSS: 0.00876
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2024/06/28 7:26 a.m., 21 views

BIT-GITLAB-2024-1493 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

CVSS: 6.5, AI score: 6.2, EPSS: 0.0049
Exploits: 0, References: 3
NVD
added 2024/06/27 12:15 a.m., 23 views

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

CVSS: 6.5, EPSS: 0.0049
Exploits: 0, References: 2
UbuntuCve
added 2024/06/27 12:15 a.m., 13 views

CVE-2024-1493

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0049
Exploits: 0, References: 3
Tenable Nessus
added 2024/06/27 12:0 a.m., 17 views

GitLab 9.2 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-1493)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic...

CVSS: 6.5, AI score: 5.5, EPSS: 0.0049
Exploits: 0, References: 4
Vulnrichment
added 2024/06/26 11:31 p.m., 15 views

CVE-2024-1493 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0049
Exploits: 0, References: 2
Debian CVE
added 2024/06/26 11:31 p.m., 10 views

CVE-2024-1493

Removed by vendor...

CVSS: 6.5, AI score: 5.8, EPSS: 0.0049
Exploits: 0
OSV
added 2024/06/26 11:31 p.m., 16 views

CVE-2024-1493 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

CVSS: 6.5, AI score: 6.4, EPSS: 0.0049
Exploits: 0, References: 5
IBM Security Bulletins
added 2024/06/25 9:9 a.m., 27 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component (CVE-2023-51775).

Summary: IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data integrit...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00879
Exploits: 1, Affected Software: 1
Cvelist
added 2024/06/25 2:14 a.m., 24 views

CVE-2023-5038 Unauthenticated DoS

badmonkey, a Security Researcher, has found a flaw that allows for an unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera, and must manually restart the device or re-power it. The manufacturer has released patch firmware...

CVSS: 8.7, EPSS: 0.00418
Exploits: 0, References: 1
NVD
added 2024/06/24 7:15 p.m., 19 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

CVSS: 6.5, EPSS: 0.00254
Exploits: 1, References: 1
Cvelist
added 2024/06/24 12:0 a.m., 15 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

EPSS: 0.00254
Exploits: 1, References: 1
Vulnrichment
added 2024/06/24 12:0 a.m., 15 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

AI score: 6.7, EPSS: 0.00254
Exploits: 1, References: 1
CVE
added 2024/06/24 12:0 a.m., 79 views

CVE-2021-45785

Summary of CVE-2021-45785 (TruDesk): TruDesk Help Desk/Ticketing Solution v1.1.11 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to restart the server, causing a DoS. The attacker must lure a privileged user to visit a page containing a GET request to th...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00254
Exploits: 1, References: 1, Affected Software: 1
Japan Vulnerability Notes
added 2024/06/20 5:59 a.m., 4 views

Multiple vulnerabilities in multiple Trend Micro products

Overview: Trend Micro Incorporated has released security updates for multiple Trend Micro products. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact: Apex One 2019 On-prem, Apex One as a Service: Local privilege escalation due ...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00889
Exploits: 0, References: 13
CVE
added 2024/06/18 5:7 p.m., 50 views

CVE-2024-37904

CVE-2024-37904 affects Minder’s Git provider, which can be DoS’d by cloning a large or malicious repository into memory via go-git/go-git/v5. The root cause is that user-controlled Git URLs are cloned without a repository size limit and the entire repo is loaded into memory, enabling memory exhau...

CVSS: 5.7, AI score: 5.5, EPSS: 0.0046
Exploits: 0, References: 4