Lucene search
K

52 matches found

redhat
redhat
added 2026/06/08 3:14 a.m.11 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS5.4AI score0.0077EPSS
Exploits0References6
nvd
nvd
added 2026/05/26 2:16 p.m.16 views

CVE-2025-11482

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

8.7CVSS0.00322EPSS
Exploits0References1
snyk
snyk
added 2026/05/18 8:23 p.m.8 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
snyk
snyk
added 2026/03/03 6:39 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the URLField.topython function when processing URLs containing certain...

7.5CVSS5.8AI score0.00734EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24560

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.04604EPSS
Exploits3References11
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0849

Malicious code in bioql PyPI...

7.8CVSS8.5AI score0.03793EPSS
Exploits0References8
cve
cve
added 2025/06/11 5:26 p.m.62 views

CVE-2025-25032

IBM Cognos Analytics is affected by a memory-resource exhaustion denial-of-service vulnerability (CVE-2025-25032) impacting versions 11.2.0 through 12.0.4. An authenticated user can trigger a crafted request that exhausts memory, potentially impacting availability. Affected products/versions incl...

7.5CVSS6.7AI score0.00321EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/03/22 12:12 p.m.7 views

CVE-2024-10550

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References1
osv
osv
added 2025/03/20 12:34 p.m.9 views

CLSA-2025-1742474086 bind: Fix of CVE-2022-3094

CVE-2022-3094: fix resources exhaustion issue caused by flood of dynamic DNS updates...

7.5CVSS7.1AI score0.13108EPSS
Exploits0References1
nessus
nessus
added 2024/05/11 12:0 a.m.16 views

RHEL 5 : ipsec-tools (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ipsec-tools: Parsing and storing ISAKMP fragments in malicious order can exhaust resources CVE-2016-10396 Note that...

7.3AI score0.02928EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/05/01 12:0 a.m.4 views

IBM MQ 安全漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ. A remote attacker could exploit this...

7.5CVSS7.2AI score0.00925EPSS
Exploits0References5
nessus
nessus
added 2023/11/22 12:0 a.m.58 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory. David Shoon discovered that the Apache HTTP Server modmacro module incorrectly handled certain memory operations. A remote...

7.5CVSS7.5AI score0.70595EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2023/01/25 12:0 a.m.51 views

CVE-2022-3094

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

7.5CVSS7AI score0.13108EPSS
Exploits0References3
nessus
nessus
added 2020/05/18 12:0 a.m.50 views

Debian DLA-2214-1 : libexif security update

Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328 An integer overflow when parsing the MNOTE entry data of the input file had been found. This could have caused denial of service DoS and Information Disclosure disclosing some critical he...

9.1CVSS6.7AI score0.03798EPSS
Exploits1References7
ubuntucve
ubuntucve
added 2020/01/31 12:0 a.m.28 views

CVE-2020-1700

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by...

6.8CVSS6.8AI score0.02488EPSS
Exploits0References2
cnvd
cnvd
added 2018/01/12 12:0 a.m.5 views

Punchbowl App Has Logic Design Flaws

Punching Assembly APP is a puzzle national quiz game app. A logic design vulnerability exists in Top Punch APP. The vulnerability is caused by the lack of authentication of the SMS interface at the registration account, which allows an attacker to consume server resources by sending unlimited...

7.1AI score
Exploits0
cnvd
cnvd
added 2017/05/23 12:0 a.m.4 views

Cisco FirePOWER System Software Denial of Service Vulnerability

Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco. A denial of service vulnerability exists in the login configuration of the Secure Sockets Layer SSL policy in Cisco FirePOWER System Software versions 5.3.0 through 6.2.2. A remote attacker could exploit this...

7.8CVSS6.8AI score0.02394EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/05/17 12:0 a.m.58 views

Apache Tomcat security vulnerabilities

Resources exhaustion, restrictions bypass...

7.8CVSS2.3AI score0.20318EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2015/04/09 12:0 a.m.71 views

Cisco ASA multiple security vulnerabilities

Commands injection, resources exhaustion, DoS...

8.3CVSS2.4AI score0.02318EPSS
Exploits0
securityvulns
securityvulns
added 2015/04/07 12:0 a.m.49 views

Apache Subversion multiple security vulnerabilities

Resources exhaustion, DoS, information spoofing...

7.8CVSS2.4AI score0.12841EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder