52 matches found
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...
CVE-2025-11482
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...
Allocation of Resources Without Limits or Throttling
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the URLField.topython function when processing URLs containing certain...
EUVD-2025-24560
Malicious code in bioql PyPI...
EUVD-2022-0849
Malicious code in bioql PyPI...
CVE-2025-25032
IBM Cognos Analytics is affected by a memory-resource exhaustion denial-of-service vulnerability (CVE-2025-25032) impacting versions 11.2.0 through 12.0.4. An authenticated user can trigger a crafted request that exhausts memory, potentially impacting availability. Affected products/versions incl...
CVE-2024-10550
A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...
CLSA-2025-1742474086 bind: Fix of CVE-2022-3094
CVE-2022-3094: fix resources exhaustion issue caused by flood of dynamic DNS updates...
RHEL 5 : ipsec-tools (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ipsec-tools: Parsing and storing ISAKMP fragments in malicious order can exhaust resources CVE-2016-10396 Note that...
IBM MQ 安全漏洞
IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ. A remote attacker could exploit this...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory. David Shoon discovered that the Apache HTTP Server modmacro module incorrectly handled certain memory operations. A remote...
CVE-2022-3094
Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...
Debian DLA-2214-1 : libexif security update
Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328 An integer overflow when parsing the MNOTE entry data of the input file had been found. This could have caused denial of service DoS and Information Disclosure disclosing some critical he...
CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by...
Punchbowl App Has Logic Design Flaws
Punching Assembly APP is a puzzle national quiz game app. A logic design vulnerability exists in Top Punch APP. The vulnerability is caused by the lack of authentication of the SMS interface at the registration account, which allows an attacker to consume server resources by sending unlimited...
Cisco FirePOWER System Software Denial of Service Vulnerability
Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco. A denial of service vulnerability exists in the login configuration of the Secure Sockets Layer SSL policy in Cisco FirePOWER System Software versions 5.3.0 through 6.2.2. A remote attacker could exploit this...
Apache Tomcat security vulnerabilities
Resources exhaustion, restrictions bypass...
Cisco ASA multiple security vulnerabilities
Commands injection, resources exhaustion, DoS...
Apache Subversion multiple security vulnerabilities
Resources exhaustion, DoS, information spoofing...