EUVD-2020-21396
Malware in sbrugna...
CVE-2025-2256
CVE-2025-2256 affects GitLab CE/EE: versions 7.12–18.1.6, 18.2–18.2.6, and 18.3–18.3.2. The issue allows an unauthenticated/unauthorized user to render the GitLab instance unresponsive for legitimate users by sending multiple concurrent large SAML responses. CVSS v3.1 base score 7.5 (High) with n...
CVE-2024-6790
The CVE-2024-6790 issue is a Loop with Unreachable Exit Condition affecting Arm Mali GPU Kernel Drivers: Bifrost (r46p0–r49p0, r50p0–r51p0), Valhall (same ranges), and Arm 5th Gen GPU Architecture (same ranges). A non-privileged process can perform valid GPU memory operations (including via WebGL...
vLLM Denial of Service via the best_of parameter
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is caused by insufficient input validation when handling very long strings containing specific characters in the django.utils.translation.get_supported_language_variant function. This allows an attacker to exploit the function,...
Denial Of Service (DoS)
typo3/cms is vulnerable to Denial of Service. The vulnerability is due to the unbound cHash argument, which attackers can exploit by using valid cHash arguments for multiple pages, leading to additional useless page cache entries. This allows an attacker to generate a considerable amount of...
GNU Binutils Security Vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files (e.g., executables, libraries, etc.), covering compilation, linking, debugging, and other phases. A memory leak vulnerability exists in GNU Binutils, which originates from a...
CVE-2023-23857
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...
K37526132: OpenSSL vulnerability CVE-2017-3731
Security Advisory Description: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when...
Microsoft Windows IKE Extension Resource Management Error Vulnerability
Microsoft Windows is a windowed operating system developed by Microsoft Corporation. A denial-of-service vulnerability exists in Microsoft Windows IKE Extension, which can be exploited by attackers to cause the target system to stop responding...
Microsoft Hyper-V Input Validation Error Vulnerability
Microsoft Hyper-V is an application from Microsoft Corporation (USA), a system hypervisor virtualization technology that enables desktop virtualization. A denial of service vulnerability exists in Microsoft Hyper-V, which can be exploited by an attacker to cause the target system to stop responding...
Fortinet FortiSandbox Race Condition Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from a security vulnerability that stems from th...
Microsoft Windows Denial of Service Vulnerability (CNVD-2020-07214)
Microsoft Windows is the popular computer operating system. A denial of service vulnerability exists when Windows does not properly handle hard links. An attacker could exploit this vulnerability by logging on to the system and running a specially crafted application to cause the target system to...
FreeBSD : FreeBSD -- Resource exhaustion in IP fragment reassembly (359e1548-a652-11e8-805b-a4badb2f4699)
A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attack...
Microsoft Windows Graphics Component Denial of Service Vulnerability
Microsoft Windows is the popular computer operating system. A denial of service vulnerability exists in the Microsoft Windows Graphics component, which can be exploited by an attacker to cause the target system to stop responding...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2017:0086. An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Cisco Prime Renegotiation Request Denial of Service Vulnerability
A vulnerability in Cisco Prime could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of SSL renegotiation requests. An unauthenticated, remote attacker could exploit this vulnerability by sending multiple SSL...
Resource Exhaustion when sanitizing filenames - ownCloud
The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this led to an endless loop filling the log file until the system is no longer responsive. Affected Software: ownCloud Server 6.0.8 CVE-2015-4717...
PUF UDP Flooder
PUF UDP Flooder is a denial-of-service attack tool associated with malicious activity. The tool crafts and sends multiple UDP requests that can potentially cause an affected system to become temporarily unresponsive...
Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)
According to its self-reported version, the version of Cisco Web Security Appliance running on the remote host has the following vulnerabilities: - Multiple unspecified vulnerabilities exist in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands...