3459 matches found

OSV
added 2024/05/09 1:42 a.m. | 12 views

CVE-2023-6682 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

6.5 CVSS | 6.4 AI score | 0.00745 EPSS
Exploits 0 | References 5
Vulnrichment
added 2024/05/09 1:38 a.m. | 17 views

CVE-2023-6688 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...

6.5 CVSS | 6.4 AI score | 0.00745 EPSS
Exploits 0 | References 2
CVE
added 2024/05/09 1:38 a.m. | 315 views

CVE-2023-6688

CVE-2023-6688 – GitLab CE/EE (16.11.x) affected versions: 16.11 up to but not including 16.11.2. Root cause: processing logic for Google Chat Messages integration allows a regular expression DoS on the server. Impact: availability impact is reported as HIGH; confidentiality/integrity remain NONE....

6.5 CVSS | 6 AI score | 0.00745 EPSS
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2024/05/09 1:38 a.m. | 26 views

CVE-2023-6688

Removed by vendor...

6.5 CVSS | 5.8 AI score | 0.00745 EPSS
Exploits 0
OSV
added 2024/05/09 1:38 a.m. | 16 views

CVE-2023-6688 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...

6.5 CVSS | 6.4 AI score | 0.00745 EPSS
Exploits 0 | References 5
Cvelist
added 2024/05/07 12:00 a.m. | 15 views

CVE-2024-33781

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message...

7.3 AI score | 0.00681 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2024/05/07 12:00 a.m. | 53 views

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 (RHSA-2024:2693)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2693 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

8.6 CVSS | 7.1 AI score | 0.91327 EPSS
Exploits 6 | References 16
NVD
added 2024/05/02 2:15 p.m. | 20 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5 CVSS | 7.4 AI score | 0.01085 EPSS
Exploits 0 | References 6
Veracode
added 2024/05/02 5:55 a.m. | 19 views

Out-of-bounds Write

github.com/onosproject/onos-lib-go is vulnerable to Out-of-bounds Write. The vulnerability is due to an incorrect boundary check within the putBitString method, which could lead to a Denial of Service (DoS) attack...

5.5 CVSS | 6.8 AI score | 0.00207 EPSS
Exploits 1 | References 2 | Affected Software 1
NVD
added 2024/04/29 4:15 a.m. | 17 views

CVE-2024-2757

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

7.5 CVSS | 8.3 AI score | 0.01924 EPSS
Exploits 1 | References 4
AlpineLinux
added 2024/04/29 3:49 a.m. | 40 views

CVE-2024-2757

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

7.5 CVSS | 7.8 AI score | 0.01924 EPSS
Exploits 1
Tenable Nessus
added 2024/04/29 12:00 a.m. | 30 views

Fedora 40 : php (2024-5e8ae0def0)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5e8ae0def0 advisory. PHP version 8.3.6 (11 Apr 2024). Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud) Fixed bug GH-1361...

9.4 CVSS | 7.9 AI score | 0.49336 EPSS
Exploits 6 | References 6
Tenable Nessus
added 2024/04/29 12:00 a.m. | 24 views

Fedora 40 : trafficserver (2024-111a8a624b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-111a8a624b advisory. Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS). Tenable has extracted the preceding description block directly from the...

7.5 CVSS | 8 AI score | 0.94615 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2024/04/28 12:00 a.m. | 18 views

Debian dla-3799 : trafficserver - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3799 advisory. Debian LTS Advisory DLA-3799-1 https://www.debian.org/lts/security/...

7.5 CVSS | 7.8 AI score | 0.94615 EPSS
Exploits 1 | References 4
Cvelist
added 2024/04/23 4:56 a.m. | 31 views

CVE-2024-28890

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS)...

9.4 AI score | 0.00708 EPSS
Exploits 0 | References 3
NVD
added 2024/04/22 12:15 p.m. | 6 views

CVE-2024-22815

An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands...

5.3 CVSS | 6.4 AI score | 0.00226 EPSS
Exploits 0 | References 1
Redos
added 2024/04/22 12:00 a.m. | 21 views

ROS-20240422-07

A vulnerability in the Iperf3 network bandwidth measurement tool is related to the fact that a client can send less than the expected amount of data to the iperf server, which could cause the server to wait indefinitely for the remainder or until the connection is closed. Exploitation of...

5.3 CVSS | 7.2 AI score | 0.00932 EPSS
Exploits 0
Vulnrichment
added 2024/04/19 9:11 p.m. | 14 views

CVE-2024-31994 Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...

6.5 CVSS | 6.3 AI score | 0.00278 EPSS
Exploits 1 | References 4
Cvelist
added 2024/04/19 9:11 p.m. | 16 views

CVE-2024-31994 Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...

6.5 CVSS | 6.5 AI score | 0.00278 EPSS
Exploits 1 | References 4
OSV
added 2024/04/19 9:11 p.m. | 17 views

CVE-2024-31994 Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...

6.5 CVSS | 6.5 AI score | 0.00278 EPSS
Exploits 1 | References 6