52 matches found
BIT-MLFLOW-2024-3099
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
UBUNTU-CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
BIND's database will be slow if a very large number of RRs exist at the same name
...
PT-2024-23711
Name of the Vulnerable Software and Affected Versions mlflow/mlflow version 2.11.1 Description A vulnerability in mlflow/mlflow allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not ...
Apache Answer 竞争条件问题漏洞
Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...
ALPINE-CVE-2023-5680
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...
CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...
SUSE CVE-2020-35112
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...
PT-2023-2471 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.9 Nextcloud Server versions prior to 25.0.3 Description: The issue is related to the handling of shared resources with the same name in Nextcloud Server, particularly when a memory cache is configured. ...
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...
express-fileupload 代码问题漏洞
express-fileupload is a file upload middleware by Richard Girges, an individual developer in the United States. A security vulnerability exists in express-fileupload v1.3.1, which allows an attacker to upload multiple files with the same name, resulting in the overwriting of files in the web...
PT-2022-18338 · Unknown · Express-Fileupload
Name of the Vulnerable Software and Affected Versions: Express-FileUpload version 1.3.1 Description: The issue allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This can be exploited due to an arbitrary file write...
CVE-2022-23971
ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...
The vulnerability of the DNS server Dnsmasq, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the integrity of the protected information.
The vulnerability of the Dnsmasq DNS server lies in the lack of checking for requests with the same name. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...
Dnsmasq 安全特征问题漏洞
Dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. A security signature vulnerability exists in Dnsmasq that stems from not checking an existing pending request with the same name and forwarding a new request,...
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...