903 matches found
CVE-2024-45797
CVE-2024-45797 affects LibHTP prior to 0.5.49, where unbounded processing of HTTP request/response headers can cause excessive CPU and memory usage, leading to DoS-like slowdowns. The issue is addressed in LibHTP 0.5.49. Public disclosures in Ubuntu USN-7814-1 and Debian DLA-4295-1, and related O...
CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
CVE-2024-39547 Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If special...
CVE-2024-20480
A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual...
CVE-2024-20480
Cisco IOS XE Software SD-Access fabric edge nodes are affected by a Denial of Service vulnerability in the DHCP Snooping feature. The issue stems from improper handling of IPv4 DHCP packets, which could let an unauthenticated, remote attacker cause high CPU utilization and traffic processing halt...
Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability
A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual...
F5 Networks BIG-IP : BIG-IP TMM vulnerability (K000138833)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5. It is, therefore, affected by a vulnerability as referenced in the K000138833 advisory. In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC,...
CVE-2024-41727
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-39792
When NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-41727 BIG-IP TMM vulnerability
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
F5 BIG-IP Security Vulnerability
F5 BIG-IP is an application delivery platform from F5 (USA) that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in F5 BIG-IP that stems from undisclosed traffic that could lead to increased memory resource utilization...
ROS-20240813-02
A vulnerability in the nvmet_tcp_build_pdu_iovec function in the drivers/nvme/target/tcp.c module of the NVMe driver of the Linux kernel is related to a null pointer dereference. Exploitation of the vulnerability could allow an attacker to cause a denia...
aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)
django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...
CVE-2024-42358
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability...
CVE-2024-42358
PDFio contains a denial-of-service vulnerability in its TTF parser. A crafted TrueType font can trigger an infinite loop in read_camp by manipulating nGroups, causing 100% memory usage and a heap-buffer-overflow. The ttf.h component is implicated; impact is local and leads to DOS if exploited thr...
CVE-2024-42358 Loop with Unreachable Exit Condition ('Infinite Loop') in pdfio
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability...
CVE-2024-39549 Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not...
CVE-2024-39518
CVE-2024-39518 affects Juniper Junos OS on MX240, MX480, and MX960 platforms using MPC10E. The vulnerability is a heap-based buffer overflow in the telemetry sensor process (sensord) that causes memory growth and eventually DoS when a Junos Telemetry Interface subscription is active. Affected ver...