6 matches found

OSV
added 2026/04/03 9:42 p.m. · 3 views

GHSA-8MXQ-7XR7-2FXJ LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Summary: The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

CVSS 5.9 · AI score 5.9 · EPSS 0.00329
Exploits 0 · References 4

Github Security Blog
added 2026/04/03 9:42 p.m. · 5 views

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Summary: The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

CVSS 5.9 · AI score 5.9 · EPSS 0.00329
Exploits 0 · References 4 · Affected Software 1

RedhatCVE
added 2025/05/23 5:53 a.m. · 4 views

CVE-2023-22488

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

CVSS 6.8 · AI score 6.5 · EPSS 0.00397
Exploits 0 · References 1

Positive Technologies
added 2023/08/22 12:0 a.m. · 4 views

PT-2023-11622 · Memcached · Memcached

Name of the Vulnerable Software and Affected Versions: Memcached versions 1.6.0 through 1.6.2. Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted meta command. Recommendations: For Memcached versions 1.6.0 through 1.6.2, update t...

CVSS 7.5 · AI score 7.1 · EPSS 0.00979
Exploits 1 · References 9

Snyk
added 2022/08/09 5:5 p.m. · 2 views

Unintended Proxy or Intermediary

Overview: std/net/http/cgi is a Go standard library package. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the...

CVSS 9.2 · AI score 6.7 · EPSS 0.0522
Exploits 0 · References 3

Positive Technologies
added 2020/01/31 12:0 a.m. · 1 views

PT-2020-19473 · Hashicorp +1 · Hashicorp Consul +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.6.2 and earlier. Description: The issue allows unbounded resource usage and is susceptible to unauthenticated denial of service. This affects the HTTP/RPC services of HashiCorp Consul and Consu...

CVSS 7.5 · AI score 6.6 · EPSS 0.02851
Exploits 1 · References 27