CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept js const http = require'http'; const WebSocket = require'ws'; const wss = new WebSocket.Server port: 0 , function const chars =...

CVE-2024-5211 Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...

CVE-2024-5211 Path Traversal to Arbitrary File Read/Delete/Overwrite, DoS Attack, and Admin Account Takeover in mintplex-labs/anything-llm

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the normalizePath function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in...

CVE-2024-34688 Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

GO-2024-2753 Denial of service in Kubernetes in k8s.io/kubernetes

Denial of service in Kubernetes in k8s.io/kubernetes...

PT-2024-27140 · Oneflow · Oneflow

Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue is related to improper input validation, allowing attackers to cause a Denial of Service DoS by inputting negative values into the oneflow.zeros/ones parameter. Recommendations: For version 0.9.1,...

Cache Flooding in TYPO3 Frontend

Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...

Memory Exhaustion

braces is vulnerable to Memory Exhaustion. The vulnerability is due to improper input size restrictions, which allows an attacker to cause a Denial of Service DoS via crafted large imbalanced input to the braces method, leading to memory exhaustion and eventual application crash...

RHEL 7 : trousers (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root...

RHEL 6 : vte (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vte: DoS long loop via escape sequences with large repeat counts CVE-2012-2738 - The...

RHEL 3 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: SGC restart DoS attack CVE-2011-4619 - openssl: CMS and PKCS7 Bleichenbacher attack CVE-2012-088...

RHEL 9 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

CVE-2024-36844

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx-backend pointer. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted message sent to the unit-test-server...

SUSE-SU-2024:1868-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code bsc1222330. - CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules bsc1222332. - CVE-2024-27316: Fixed HTTP/2...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1769)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760 Note : This issue affects NGINX systems compiled with the...

GHSA-8FMJ-33GW-G7PW Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...

CVE-2024-27310

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input...