
CVSS: 7.1 | EPSS: 0% | CPEs: - | EXPL: 0

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01 • CWE-826: Premature Release of Resource During Expected Lifetime •

CVSS: 8.7 | EPSS: 0% | CPEs: - | EXPL: 0

Because of this, protocols would not periodically drain the write buffer, potentially leading to a denial of service via memory exhaustion. • https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82 https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5 https://github.com/python/cpython/issues/127655 https://github.com/python/cpython/pull/127656 https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB https://access.redhat.com/security/cve/CVE-2024-12254 https://bugzilla.redhat.com/show_bug.cgi?id=2330804 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.3 | EPSS: 0% | CPEs: - | EXPL: 0

This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. • https://access.redhat.com/security/cve/CVE-2024-11738 https://bugzilla.redhat.com/show_bug.cgi?id=2328732 https://github.com/advisories/GHSA-qg5g-gv98-5ffh https://github.com/rustls/rustls https://github.com/rustls/rustls/issues/2227 https://rustsec.org/advisories/RUSTSEC-2024-0399.html • CWE-248: Uncaught Exception •

CVSS: 8.2 | EPSS: 0% | CPEs: - | EXPL: 0

This allows an attacker to remove legitimate apps, creating a DoS attack, to read and write files, or to load apps that use all features of the product available to a customer. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5 | EPSS: 0% | CPEs: - | EXPL: 0

The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. ... The strip_tags() method and striptags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities. • https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/g/django-announce https://www.openwall.com/lists/oss-security/2024/12/04/3 https://access.redhat.com/security/cve/CVE-2024-53907 https://bugzilla.redhat.com/show_bug.cgi?id=2329288 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-1169: SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) •