Lucene search
K

70 matches found

Veracode
Veracode
added 2025/01/07 7:14 a.m.10 views

Denial Of Service (DoS)

github.com/clidey/whodb is vulnerable to Denial of Service DoS. The vulnerability is due to the server reading the entire request body into memory without size limits, which allows an attacker to send large request bodies to the server, leading to memory exhaustion and potentially resulting in a...

7AI score
Exploits0
OSV
OSV
added 2024/11/20 9:38 p.m.1 views

GHSA-GJCC-JVGW-WVWJ Litestar allows unbounded resource consumption (DoS vulnerability)

Summary Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...

8.2CVSS5.9AI score0.00756EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2024/10/10 2:52 a.m.7 views

SUSE CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5CVSS7.2AI score0.00785EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/26 8:24 a.m.21 views

CVE-2024-22091 Excessive resource consumption due to lack to request path size limits

Mattermost versions 8.1.x = 8.1.10, 9.6.x = 9.6.0, 9.5.x = 9.5.2 and 8.1.x = 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request paths...

3.1CVSS6.8AI score0.00537EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.7 views

Mattermost 安全漏洞

Mattermost Server is the United States Mattermost company's set of open source messaging platform. Mattermost Server suffers from an uncontrolled resource consumption vulnerability that can be exploited by an attacker to cause a denial of service by sending a large request path...

6.5CVSS6.6AI score0.00537EPSS
Exploits0References3
OSV
OSV
added 2024/01/09 5:15 p.m.4 views

CVE-2024-22164

In Splunk Enterprise Security ES versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service DoS to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessib...

4.3CVSS5.8AI score0.00457EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.33 views

Rocky Linux 8 : samba (RLSA-2021:5082)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5082 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wi...

8.5CVSS6.7AI score0.01953EPSS
Exploits0References7
OSV
OSV
added 2023/10/25 6:17 p.m.9 views

AZL-32107 CVE-2023-46118 affecting package rabbitmq-server for versions less than 3.11.24-1

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...

4.9CVSS7AI score0.01077EPSS
Exploits0References1
Veracode
Veracode
added 2023/08/24 9:17 a.m.29 views

Denial Of Service (DoS)

github.com/etcd-io/etcd is vulnerable to Denial of Service DoS attacks.. The vulnerability exists because the PageWriter.write function does not properly handle large requests, which an attacker to exploit this vulnerability by sending a specially crafted request that is larger than the expected...

7.5CVSS6.6AI score0.01314EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/05/17 5:24 p.m.226 views

CVE-2023-26044 ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

5.3CVSS5.2AI score0.0068EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.5 views

ReactPHP HTTP 资源管理错误漏洞

ReactPHP HTTP is a ReactPHP event-driven, streaming HTTP client and server implementation of ReactPHP open source. A resource management error vulnerability exists in ReactPHP HTTP versions 0.8.0 through 1.9.0, which stems from a vulnerability that can lead to high CPU loads when processing large...

5.3CVSS5.6AI score0.0068EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/04/04 9:36 p.m.33 views

CVE-2023-27492

A flaw was found in Envoy. This issue may allow attackers to send large request bodies for routes that have the Lua filter enabled, which will trigger a crash...

4.8CVSS7AI score0.00686EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-1889

Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...

7.5CVSS8.1AI score0.03088EPSS
Exploits0References5
NVD
NVD
added 2022/12/26 2:15 a.m.21 views

CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...

5.3CVSS0.00916EPSS
Exploits2References2
OSV
OSV
added 2022/12/26 2:15 a.m.3 views

CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...

5.3CVSS5.8AI score0.00916EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:0 a.m.66 views

CVE-2022-37312

OX App Suite up to version 7.10.6 is affected by an Uncontrolled Resource Consumption vulnerability triggered by a large request body containing a redirect URL to the deferrer servlet. Reported impact: memory/resource exhaustion with availability impact. Public remediation guidance varies: PT Sec...

5.3CVSS5.2AI score0.00916EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.4 views

PT-2022-23920 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue is related to Uncontrolled Resource Consumption. It occurs when a large request body containing a redirect URL to the deferrer servlet is sent. Recommendations: For OX App Suite...

5.3CVSS5AI score0.00916EPSS
Exploits2References5
Cvelist
Cvelist
added 2022/12/26 12:0 a.m.29 views

CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...

5.6AI score0.00916EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/09/14 4:15 p.m.3 views

CVE-2022-3212

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...

7.5CVSS7.1AI score0.0082EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.8 views

KubeEdge 资源管理错误漏洞

KubeEdge is KubeEdge open source a Kubernetes native edge computing framework. Built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A resource management error vulnerability exists in KubeEdge versions prior to 1.11.1, 1.10.2, and...

7.5CVSS7.3AI score0.01556EPSS
Exploits1References5
Rows per page
Query Builder