Lucene search
K

52 matches found

OSV
OSV
added 2024/10/13 7:12 p.m.9 views

BIT-MLFLOW-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS5.1AI score0.00442EPSS
Exploits1References1
OSV
OSV
added 2024/08/22 3:15 p.m.8 views

UBUNTU-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

5.9CVSS6.6AI score0.01205EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2024/08/15 7:0 a.m.3 views

BIND's database will be slow if a very large number of RRs exist at the same name

...

7.5CVSS8.9AI score0.02114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.8 views

PT-2024-23711

Name of the Vulnerable Software and Affected Versions mlflow/mlflow version 2.11.1 Description A vulnerability in mlflow/mlflow allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not ...

5.4CVSS6.1AI score0.00442EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

Apache Answer 竞争条件问题漏洞

Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...

5.9CVSS7AI score0.00895EPSS
Exploits0References3
OSV
OSV
added 2024/02/13 2:15 p.m.3 views

ALPINE-CVE-2023-5680

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...

5.3CVSS6.8AI score0.00624EPSS
Exploits0References1
OSV
OSV
added 2023/08/23 5:15 p.m.10 views

CVE-2023-38831

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...

7.8CVSS6.1AI score0.97798EPSS
Exploits49References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.2 views

SUSE CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

7.5CVSS8.6AI score0.01289EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.3 views

PT-2023-2471 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.9 Nextcloud Server versions prior to 25.0.3 Description: The issue is related to the handling of shared resources with the same name in Nextcloud Server, particularly when a memory cache is configured. ...

8.8CVSS6.2AI score0.01373EPSS
Exploits3References25
ATTACKERKB
ATTACKERKB
added 2022/04/12 5:15 p.m.3 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

7.5CVSS6AI score0.01359EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.3 views

express-fileupload 代码问题漏洞

express-fileupload is a file upload middleware by Richard Girges, an individual developer in the United States. A security vulnerability exists in express-fileupload v1.3.1, which allows an attacker to upload multiple files with the same name, resulting in the overwriting of files in the web...

7.5CVSS7.3AI score0.01359EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.2 views

PT-2022-18338 · Unknown · Express-Fileupload

Name of the Vulnerable Software and Affected Versions: Express-FileUpload version 1.3.1 Description: The issue allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This can be exploited due to an arbitrary file write...

7.5CVSS7.5AI score0.01359EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2022/03/02 1:33 a.m.4 views

CVE-2022-23971

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

8.1CVSS5.5AI score0.00472EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/07/15 12:0 a.m.13 views

The vulnerability of the DNS server Dnsmasq, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the integrity of the protected information.

The vulnerability of the Dnsmasq DNS server lies in the lack of checking for requests with the same name. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...

4.3CVSS6.9AI score0.04873EPSS
Exploits2References10Affected Software4
RedHat Linux
RedHat Linux
added 2021/01/25 3:13 p.m.4 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.04873EPSS
Exploits2References6
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.6 views

Dnsmasq 安全特征问题漏洞

Dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. A security signature vulnerability exists in Dnsmasq that stems from not checking an existing pending request with the same name and forwarding a new request,...

4.3CVSS6.9AI score0.04873EPSS
Exploits2References27
RedHat Linux
RedHat Linux
added 2021/01/19 5:41 p.m.4 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.04873EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2021/01/19 3:6 p.m.2 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.04873EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2021/01/19 2:11 p.m.3 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.04873EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2021/01/19 1:40 p.m.4 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.04873EPSS
Exploits2References6
Rows per page
Query Builder