Lucene search
K

45 matches found

Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.6 views

PT-2024-10339

Name of the Vulnerable Software and Affected Versions Aim affected versions not specified Description The issue is related to the web interface of the Aim machine learning experiment tracking and logging software, where an uncontrolled resource consumption can cause a server lockup during...

7.8CVSS7.1AI score0.00727EPSS
Exploits1References11
Debian CVE
Debian CVE
added 2024/09/09 7:7 p.m.19 views

CVE-2024-45296

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event...

7.5CVSS6.3AI score0.00932EPSS
Exploits0
Fedora
Fedora
added 2024/07/27 1:49 p.m.30 views

[SECURITY] Fedora 39 Update: darkhttpd-1.16-1.fc39

darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...

9.8CVSS6.7AI score0.01055EPSS
Exploits0
Fedora
Fedora
added 2024/07/27 1:47 a.m.36 views

[SECURITY] Fedora 40 Update: darkhttpd-1.16-1.fc40

darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...

9.8CVSS6.7AI score0.01055EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.7 views

The vulnerability in the io_uring.c module of the Linux operating system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the iouring component in the Linux operating system’s kernel is related to improper checking of multiprocessing in the currentissinglethreaded function. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.5CVSS6.5AI score0.00268EPSS
Exploits0References6Affected Software2
CNVD
CNVD
added 2023/02/21 12:0 a.m.7 views

Linux kernel information disclosure vulnerability (CNVD-2023-54416)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has an information disclosure vulnerability, which originates from timensinstall call currentissinglethreaded to determine whether the current process is...

5.5CVSS6AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2023/02/17 1:15 p.m.8 views

CVE-2023-23586

Due to a vulnerability in the iouring subsystem, it is possible to leak kernel memory information to the user process. timensinstall calls currentissinglethreaded to determine if the current process is single-threaded, but this call does not consider iouring's ioworker threads, thus it is possibl...

5.5CVSS7.2AI score
Exploits0References2
Veracode
Veracode
added 2021/05/02 5:48 a.m.50 views

Denial Of Service (DoS)

xen is vulnerable to denial of service. An out-of-memory occurs when an unbounded queue of single threaded events are received faster than the thread is able to handle...

6.5CVSS3.9AI score0.00348EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2020/07/01 6:46 p.m.5 views

npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.2AI score0.03012EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/06/10 2:25 p.m.35 views

CVE-2020-7663

A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...

5CVSS3.1AI score0.04404EPSS
Exploits1References4
OSV
OSV
added 2020/06/05 4:16 p.m.6 views

GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

8.2CVSS7.1AI score0.03012EPSS
Exploits1References6
OSV
OSV
added 2020/06/02 7:15 p.m.27 views

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS6.9AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/06/02 7:15 p.m.32 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.1AI score0.04404EPSS
Exploits1References6
Prion
Prion
added 2020/06/02 7:15 p.m.20 views

Design/Logic Flaw

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

5CVSS7.3AI score0.04404EPSS
Exploits1References6Affected Software3
Debian CVE
Debian CVE
added 2020/06/02 6:25 p.m.26 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.5AI score0.04404EPSS
Exploits1
exploitpack
exploitpack
added 2019/03/28 12:0 a.m.41 views

gnutls 3.6.6 - verify_crt() Use-After-Free

gnutls 3.6.6 - verifycrt Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verifycrt, including gnutlsx509trustlistverifycrt and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2017/12/29 7:16 p.m.51 views

Brother Debut http Denial Of Service

The Debut embedded HTTP server 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure 'h00die' metasploit module , 'References' = 'CVE', '2017-16249' , 'URL',...

7.5CVSS0.2AI score0.59386EPSS
Exploits7
Fedora
Fedora
added 2017/03/08 1:59 p.m.29 views

[SECURITY] Fedora 25 Update: mingw-gtk-vnc-0.7.0-1.fc25

gtk-vnc is a VNC viewer widget for GTK. It is built using coroutines allowing it to be completely asynchronous while remaining single threaded...

9.8CVSS2.8AI score0.04985EPSS
Exploits2
Fedora
Fedora
added 2017/03/05 8:50 p.m.30 views

[SECURITY] Fedora 24 Update: gtk-vnc-0.7.0-1.fc24

gtk-vnc is a VNC viewer widget for GTK2. It is built using coroutines allowing it to be completely asynchronous while remaining single threaded...

9.8CVSS2.9AI score0.04985EPSS
Exploits2
Oracle linux
Oracle linux
added 2017/02/20 12:0 a.m.64 views

openssl security update

1.0.1e-48.4 - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts...

7.5CVSS4.4AI score0.57595EPSS
Exploits2
Rows per page
Query Builder