Lucene search
K

114 matches found

OSV
OSV
added 2025/03/20 10:10 a.m.7 views

CVE-2024-12778 Denial of Service in aimhubio/aim

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS7AI score0.00727EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12149 · Unknown · Netease-Youdao/Qanything

Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version v2.0.0 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this ...

7.5CVSS7.4AI score0.00811EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.9 views

PT-2025-12090 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this b...

6.5CVSS6.3AI score0.00671EPSS
Exploits1References5
OSV
OSV
added 2025/02/18 12:0 a.m.2 views

UBUNTU-CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS7AI score0.38474EPSS
Exploits4References3
Veracode
Veracode
added 2024/06/25 5:2 a.m.14 views

Denial Of Service (DoS)

io.crate: crate is vulnerable for Denial Of Service. The vulnerability is due to the server allowing client-initiated renegotiation, which attackers can exploit to repeatedly request renegotiation of security parameters during an ongoing TLS session. This can lead to excessive CPU resource...

5.3CVSS6.8AI score0.00704EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/06/13 2:15 p.m.145 views

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...

5.3CVSS0.00704EPSS
Exploits1References3
Redos
Redos
added 2024/04/22 12:0 a.m.31 views

ROS-20240422-03

The Eclipse Jetty servlet container vulnerability is related to the fact that an established HTTP/2 SSL connection and a overloaded TCP will reload when the set time expires. Exploitation of the vulnerability could allow an attacker acting remotely to cause a state where a server could run out of...

7.5CVSS7.1AI score0.01433EPSS
Exploits0
GithubExploit
GithubExploit
added 2024/03/20 1:48 p.m.883 views

Exploit for CVE-2023-22622

DoS WP-Cron - CVE-2023-22622 Exploit PoC Overview This re...

5.3CVSS6.9AI score0.01659EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:10 a.m.14 views

BIT-TYPO3-2021-21359

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to ...

7.5CVSS6.3AI score0.01731EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/10/18 1:2 a.m.3 views

SUSE CVE-2023-45150

Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...

4.3CVSS6.8AI score0.00386EPSS
Exploits1References3
Nextcloud
Nextcloud
added 2023/10/16 7:22 a.m.40 views

Inviting excessive long email addresses to a calendar event makes the server unresponsive

None...

4.3CVSS4.8AI score0.00386EPSS
Exploits1References2Affected Software1
Talos Blog
Talos Blog
added 2023/10/11 11:6 p.m.59 views

What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service DDoS attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflares blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future...

5CVSS7.2AI score0.99999EPSS
Exploits19
OSV
OSV
added 2023/10/11 10:15 p.m.7 views

AZL-35302 CVE-2023-39325 affecting package telegraf for versions less than 1.27.3-3

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS6.6AI score0.03796EPSS
Exploits0References1
Prion
Prion
added 2023/09/29 10:15 a.m.17 views

Code injection

Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notificationprop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users...

4CVSS6.4AI score0.00562EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/04/28 6:15 p.m.23 views

CVE-2023-30455

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

7.5CVSS7.5AI score0.01047EPSS
Exploits1References2
OSV
OSV
added 2023/04/28 6:15 p.m.3 views

CVE-2023-30455

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

7.5CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2023/04/28 6:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

5CVSS7.4AI score0.01047EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/04/28 12:0 a.m.7 views

ebankIT 安全漏洞

ebankIT is a banking software from ebankIT Portugal. A security vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from an attacker sending a request with more than 100 statement IDs, which could overload the server for all users and cause a denial of service...

7.5CVSS7.3AI score0.01047EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/04/28 12:0 a.m.7 views

CVE-2023-30455

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

7.5AI score0.01047EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.332 views

ebankIT 6 Denial Of Service

CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...

6.9AI score0.01047EPSS
Exploits1
Rows per page
Query Builder