11 matches found
CVE-2026-2261
The CVE-2026-2261 issue affects blocklistd where a programming error leaks a socket descriptor per adverse event, eventually exhausting file descriptors. After a moderate number of leaks, the process cannot run the helper script because a forked child dereferences a null pointer and crashes, prev...
Danswer Resource Management Error Vulnerability
Danswer is an open source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. Danswer suffers from a Resource Management Error vulnerability that stems from a regular expression denial of service, which could result in significantly slower...
GHSA-H5C3-5R3R-RR8Q @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary: For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details: The issue occurs at line 39 of iterator.ts...
CVE-2023-25161 Nextcloud Server's missing rate limiting on password reset functionality allows sending lots of emails
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1, 24.0.8, and 23.0.12 are missing rate limiting on password reset functionality. This could result in service slowdown, storage...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a lack of rate limiting for the password reset feature, which could be exploited by an...
PT-2023-19947 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.1; Nextcloud Server versions prior to 24.0.8; Nextcloud Server versions prior to 23.0.12; Nextcloud Enterprise Server versions prior to 25.0.1; Nextcloud Enterprise Server versions prior to 24.0.8; Nextcloud...
UPchieve: No rate Limit on Password Reset page on upchieve
Summary: Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status...
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
The vulnerability of the `gdImageCreate` function in the GD Graphics Library allows an attacker to trigger a service failure.
The vulnerability of the gdImageCreate function in the GD Graphics Library exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure or system slowdown by using an overly large image size...
Security Bulletin (MS00-030)
Microsoft Security Bulletin MS00-030: Patch Available for "Malformed Extension Data in URL" Vulnerability. Originally Posted: May 11, 2000. Summary: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Internet...