Lucene search
K

18 matches found

Cvelist
Cvelist
added 2026/05/22 12:0 a.m.6 views

CVE-2026-42626

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 JetDirect/RAW printing. An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's...

0.0016EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:30 a.m.9 views

Missing Authentication For Critical Function

Sliver is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to the DNS C2 listener allocating server-side sessions without validating TOTP values and lacking session cleanup, which allows an attacker to create excessive sessions and exhaust server memory...

7.5CVSS5.8AI score0.00407EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/11/14 11:15 p.m.7 views

CVE-2021-4467

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...

8.7CVSS0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/14 10:51 p.m.12 views

CVE-2021-4467 Positive Technologies MaxPatrol 8 & XSpider Remote DoS

Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...

8.7CVSS0.00411EPSS
Exploits0References4
CVE
CVE
added 2025/11/14 10:51 p.m.19 views

CVE-2021-4467

CVE-2021-4467 affects Positive Technologies MaxPatrol 8 and XSpider, where the client communication service listening on TCP port 2002 accepts new session IDs per connection without adequately throttling concurrent requests. An unauthenticated attacker could issue repeated HTTPS requests to cause...

8.7CVSS6.8AI score0.00411EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-4524

Malware in sbrugna...

7.1CVSS6.4AI score0.01834EPSS
Exploits1References8
NVD
NVD
added 2025/09/23 11:15 p.m.5 views

CVE-2025-58473

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...

8.2CVSS0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/24 2:8 a.m.6 views

CVE-2025-48462 Login Session Exhaustion

Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product...

4.2CVSS7.1AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2025/06/24 2:8 a.m.24 views

CVE-2025-48462

CVE-2025-48462 describes a login session exhaustion vulnerability that could allow an attacker to consume all available session slots, blocking legitimate users from logging in (impact described as denial of service). Supported by connected sources: for Apache HTTP Server (PT-2025-26676) the affe...

4.2CVSS4.4AI score0.00172EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.4 views

Advantech多款产品 安全漏洞

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A denial of service vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause a denial of service...

4.2CVSS5.8AI score0.00172EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.153 views

F5 BigIP Access Policy Manager Session Exhaustion Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BigIP Access Policy Manager Session Exhaustion Denial of Service', 'Description' = %q This module exploits a resource exhaustion denial of...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/09/10 12:5 p.m.6 views

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.loginrequired. A remote attacker could use this flaw to fill up the...

5CVSS7.1AI score0.05163EPSS
Exploits0References4
Metasploit
Metasploit
added 2015/03/06 6:55 a.m.24 views

F5 BigIP Access Policy Manager Session Exhaustion Denial of Service

This module exploits a resource exhaustion denial of service in F5 BigIP devices. An unauthenticated attacker can establish multiple connections with BigIP Access Policy Manager APM and exhaust all available sessions defined in customer license. In the first step of the BigIP APM negotiation the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/15 12:0 a.m.46 views

Cisco Unity多个远程安全漏洞

BUGTRAQ ID: 31642 CVECAN ID: CVE-2008-4545,CVE-2008-4544,CVE-2008-4543,CVE-2008-4542 Cisco Unity是一个语音和统一的消息平台。 Cisco Unity中存在多个安全漏洞,可能允许恶意用户泄露敏感信息、导致拒绝服务或注入恶意脚本。 1 Cisco Unity中存在跨站脚本漏洞,远程攻击者可以向数据库提供恶意数据,当下一次管理员登录并访问依赖于存储信息的页面时,就可以执行跨站脚本。 2...

7.1CVSS6.4AI score0.02354EPSS
Exploits1
NVD
NVD
added 2008/10/13 8:0 p.m.14 views

CVE-2008-4543

Cisco Unity 4.x before 4.21ES161, 5.x before 5.01ES53, and 7.x before 7.02ES8, when using anonymous authentication aka native Unity authentication, allows remote attackers to cause a denial of service session exhaustion via a large number of connections...

7.1CVSS6.8AI score0.01834EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2008/10/13 8:0 p.m.3 views

CVE-2008-4543

Cisco Unity 4.x before 4.21ES161, 5.x before 5.01ES53, and 7.x before 7.02ES8, when using anonymous authentication aka native Unity authentication, allows remote attackers to cause a denial of service session exhaustion via a large number of connections...

7.1CVSS5.6AI score0.01834EPSS
Exploits1References8
Cvelist
Cvelist
added 2008/10/13 6:0 p.m.18 views

CVE-2008-4543

Cisco Unity 4.x before 4.21ES161, 5.x before 5.01ES53, and 7.x before 7.02ES8, when using anonymous authentication aka native Unity authentication, allows remote attackers to cause a denial of service session exhaustion via a large number of connections...

6.8AI score0.01834EPSS
Exploits1References7
CVE
CVE
added 2008/10/13 6:0 p.m.55 views

CVE-2008-4543

Cisco Unity in 4.x (before 4.2(1)ES161), 5.x (before 5.0(1)ES53), and 7.x (before 7.0(2)ES8) is affected when using anonymous/native Unity authentication. A remote attacker can cause a denial of service by exhausting sessions via a large number of connections. Root cause is an authentication/conf...

7.1CVSS6.8AI score0.01834EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder