114 matches found
CVE-2024-12778 Denial of Service in aimhubio/aim
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...
PT-2025-12149 · Unknown · Netease-Youdao/Qanything
Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version v2.0.0 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this ...
PT-2025-12090 · Unknown · Binary-Husky/Gpt Academic
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this b...
UBUNTU-CVE-2025-26466
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...
Denial Of Service (DoS)
io.crate: crate is vulnerable for Denial Of Service. The vulnerability is due to the server allowing client-initiated renegotiation, which attackers can exploit to repeatedly request renegotiation of security parameters during an ongoing TLS session. This can lead to excessive CPU resource...
CVE-2024-37309
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...
ROS-20240422-03
The Eclipse Jetty servlet container vulnerability is related to the fact that an established HTTP/2 SSL connection and a overloaded TCP will reload when the set time expires. Exploitation of the vulnerability could allow an attacker acting remotely to cause a state where a server could run out of...
Exploit for CVE-2023-22622
DoS WP-Cron - CVE-2023-22622 Exploit PoC Overview This re...
BIT-TYPO3-2021-21359
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to ...
SUSE CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
Inviting excessive long email addresses to a calendar event makes the server unresponsive
None...
What to know about the HTTP/2 Rapid Reset DDoS attacks
Cisco Talos is actively tracking the novel distributed denial-of-service DDoS attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflares blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future...
AZL-35302 CVE-2023-39325 affecting package telegraf for versions less than 1.27.3-3
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
Code injection
Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notificationprop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
Design/Logic Flaw
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
ebankIT 安全漏洞
ebankIT is a banking software from ebankIT Portugal. A security vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from an attacker sending a request with more than 100 statement IDs, which could overload the server for all users and cause a denial of service...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
ebankIT 6 Denial Of Service
CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...