156 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-5973

Malware in sbrugna...

CVSS 3.7, AI score 4.3, EPSS 0.00299
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-30307

Malware in sbrugna...

CVSS 5.5, AI score 5.6, EPSS 0.0006
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-44263

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.6, EPSS 0.00093
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-2399

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00227
Exploits 0, References 3

OSV
added 2025/07/17 8:9 a.m., 54 views

BIT-TOMCAT-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5, AI score 7.9, EPSS 0.944
Exploits 19, References 179

RedhatCVE
added 2025/07/09 5:3 p.m., 3 views

CVE-2025-53531

WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...

CVSS 8.7, AI score 6.2, EPSS 0.00435
Exploits 1, References 1

OSV
added 2025/07/07 5:2 p.m., 3 views

CVE-2025-53531 WeGIA allows Uncontrolled Resource Consumption via the fid parameter

WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142...

CVSS 8.7, AI score 6.5, EPSS 0.00435
Exploits 1, References 3

F5 Networks
added 2025/07/03 3:44 p.m., 6 views

K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325

Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...

CVSS 7.5, AI score 6.9, EPSS 0.0015
Exploits 0

Redos
added 2025/06/19 12:0 a.m., 7 views

ROS-20250619-04

Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...

CVSS 7.5, AI score 7.9, EPSS 0.944
Exploits 19

RedhatCVE
added 2025/05/23 8:45 a.m., 5 views

CVE-2024-7113

If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack...

CVSS 8.7, AI score 6.8, EPSS 0.0014
Exploits 0, References 1

RedhatCVE
added 2025/05/23 3:54 a.m., 6 views

CVE-2023-33950

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs...

CVSS 7.5, AI score 6.9, EPSS 0.00669
Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:27 a.m., 4 views

CVE-2023-27270

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain...

CVSS 6.5, AI score 6.9, EPSS 0.00543
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:54 p.m., 4 views

CVE-2020-9501

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in...

CVSS 5.5, AI score 6.7, EPSS 0.0006
Exploits 0, References 1

Veracode
added 2025/04/22 2:45 p.m., 14 views

Denial Of Service (DoS)

golang.org/x/crypto is vulnerable to Denial of Service (DoS). The vulnerability is due to incomplete or slow key exchanges, which cause pending content to be read into memory but never transmitted, allowing an attacker to consume server resources and cause a denial of service...

CVSS 7.5, AI score 6.9, EPSS 0.00591
Exploits 0, References 8, Affected Software 2

Veracode
added 2025/04/17 6:35 a.m., 8 views

Denial Of Service (DoS)

shopware/core is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of input length restrictions and inefficient processing of long password inputs, which allows attackers to consume excessive server resources...

CVSS 7.5, AI score 6.8, EPSS 0.00796
Exploits 0, References 6, Affected Software 2

IBM Security Bulletins
added 2025/02/26 6:44 p.m., 17 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in HTTP/2 protocol

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of HTTP/2 protocol Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...

CVSS 7.5, AI score 7.3, EPSS 0.944
Exploits 19, Affected Software 1

OSV
added 2024/12/16 1:56 p.m., 24 views

BIT-NODE-MIN-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5, AI score 8.2, EPSS 0.944
Exploits 19, References 179

OSV
added 2024/07/26 7:28 a.m., 67 views

BIT-NGINX-INGRESS-CONTROLLER-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5, AI score 8.2, EPSS 0.944
Exploits 19, References 179

Tenable Nessus
added 2024/07/03 12:0 a.m., 33 views

CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)

The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...

CVSS 7.5, AI score 7, EPSS 0.0015
Exploits 0, References 2

IBM Security Bulletins
added 2024/06/25 9:6 a.m., 41 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMachinery component (CVE-2023-44487).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMachinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...

CVSS 7.5, AI score 7.5, EPSS 0.944
Exploits 19, Affected Software 1