CVE-2024-47874 – Starlette Denial of service (DoS) via multipart/form-data
https://notcve.org/view.php?id=CVE-2024-47874
Starlette treats multipart/form-data parts that carry no filename as text form fields and buffers them in memory without a size limit, so a single request with a very large non-file part already consumes excessive memory. Sending multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) that accept form requests. • https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733 • CWE-770: Allocation of Resources Without Limits or Throttling •
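The missing control behind CWE-770 here is a per-part size cap that is applied while the part is still arriving, not after the whole body has been buffered. The following is an added example, not Starlette's code and not the upstream fix, of a minimal streaming multipart/form-data parser in Python that checks `max_part_size` and `max_parts` after every chunk, so an oversized text field is rejected once roughly one limit's worth of its bytes has been read. The boundary string, the `build_body` helper and the sample bodies are constructed for this example, and the parameter names are the example's own, not Starlette's.

```python
import io
import re

class PartTooLarge(ValueError): "A part exceeded max_part_size while it was still being read."
class TooManyParts(ValueError): "The body carried more parts than max_parts."

def parse_multipart(stream, boundary, *, max_part_size=1024 * 1024, max_parts=1000,
                    max_header_size=8192, chunk_size=4096):
    """Yield (headers, data) per part, reading the body chunk by chunk. The size check runs
    after every chunk, so an oversized part is rejected once about max_part_size + chunk_size
    bytes of it are buffered, however long the body actually is."""
    delim = b"\r\n--" + boundary
    buf, eof, state = b"\r\n", False, "preamble"   # leading CRLF so the first "--boundary" matches
    headers, data, parts = None, bytearray(), 0

    def fill():
        nonlocal buf, eof
        chunk = stream.read(chunk_size)
        eof, buf = not chunk, buf + chunk

    while True:
        if state == "preamble":                         # skip anything before the first delimiter
            idx = buf.find(delim)
            if idx == -1:
                if eof:
                    raise ValueError("opening boundary not found")
                buf = buf[-(len(delim) - 1):]           # keep a possible partial delimiter
                fill()
                continue
            buf, state = buf[idx + len(delim):], "after_delim"
        elif state == "after_delim":                    # "--" closes the body, CRLF opens a part
            if len(buf) < 2:
                if eof:
                    raise ValueError("truncated after boundary")
                fill()
                continue
            if buf.startswith(b"--"):
                return
            if not buf.startswith(b"\r\n"):
                raise ValueError("malformed boundary line")
            buf, state = buf[2:], "headers"
        elif state == "headers":
            idx = buf.find(b"\r\n\r\n")
            if idx == -1:
                if eof or len(buf) > max_header_size:
                    raise ValueError("part headers missing or too large")
                fill()
                continue
            parts += 1
            if parts > max_parts:
                raise TooManyParts(f"more than {max_parts} parts")
            headers = {}
            for line in buf[:idx].split(b"\r\n"):
                name, _, value = line.partition(b":")
                headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
            buf, data, state = buf[idx + 4:], bytearray(), "body"
        else:                                           # "body": accumulate until the next delimiter
            idx = buf.find(delim)
            if idx == -1:
                cut = max(len(buf) - (len(delim) - 1), 0)   # tail may hold a split delimiter
                data += buf[:cut]
                buf = buf[cut:]
                if len(data) > max_part_size:           # checked per chunk, before reading more
                    raise PartTooLarge(f"part exceeds {max_part_size} bytes")
                if eof:
                    raise ValueError("unterminated part")
                fill()
                continue
            data += buf[:idx]
            if len(data) > max_part_size:
                raise PartTooLarge(f"part exceeds {max_part_size} bytes")
            buf, state = buf[idx + len(delim):], "after_delim"
            yield headers, bytes(data)

BOUNDARY = b"example-boundary"   # constructed boundary for the sample bodies

def build_body(fields, boundary=BOUNDARY):
    """Assemble a multipart/form-data body from (name, bytes) pairs (constructed input)."""
    lines = []
    for name, value in fields:
        lines += [b"--" + boundary,
                  b'Content-Disposition: form-data; name="' + name.encode() + b'"', b"", value]
    return b"\r\n".join(lines + [b"--" + boundary + b"--", b""])

def parse_fields(body, **limits):
    """Return [(field name, value)] for a body that passes every limit."""
    out = []
    for headers, data in parse_multipart(io.BytesIO(body), BOUNDARY, **limits):
        m = re.search(r'name="([^"]*)"', headers.get("content-disposition", ""))
        out.append((m.group(1) if m else None, data))
    return out

def bytes_read_before_rejection(body, **limits):
    """Bytes consumed from the stream before a limit tripped, or None if the body was accepted."""
    stream = io.BytesIO(body)
    try:
        for _ in parse_multipart(stream, BOUNDARY, **limits):
            pass
    except (PartTooLarge, TooManyParts):
        return stream.tell()
    return None
```

Feeding `build_body([("user", b"alice"), ("blob", b"A" * (8 * 1024 * 1024))])` to `bytes_read_before_rejection(..., max_part_size=1024 * 1024)` stops after roughly 1 MiB, not 8 MiB: the point of the check is that it bounds what a single request can make the server hold, independently of any Content-Length cap a proxy enforces, which is why a proxy limit alone does not close the issue described above.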
CVE-2024-9506 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2024-9506
An inefficient regular expression in Vue's parseHTML function can lead to a regular expression denial of service (ReDoS), where crafted input makes the pattern backtrack excessively. • https://www.herodevs.com/vulnerability-directory/cve-2024-9506 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2024-9676 – Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
https://notcve.org/view.php?id=CVE-2024-9676
A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). • https://access.redhat.com/errata/RHSA-2024:8418 https://access.redhat.com/errata/RHSA-2024:8428 https://access.redhat.com/errata/RHSA-2024:8437 https://access.redhat.com/errata/RHSA-2024:8686 https://access.redhat.com/errata/RHSA-2024:8690 https://access.redhat.com/errata/RHSA-2024:8694 https://access.redhat.com/errata/RHSA-2024:8700 https://access.redhat.com/errata/RHSA-2024:8984 https://access.redhat.com/errata/RHSA-2024:9051 https://access.redhat.com/errata/RHSA • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
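The page attributes the hang to symlink traversal in containers/storage while it processes a malicious image. As an added example that is not code from containers/storage, Podman, Buildah or CRI-O, the Python below contrasts the unsafe walking pattern, descending into whatever `is_dir()` reports (which follows links, so a cycle never terminates), with a walker that uses lstat semantics only: links are counted, never entered, and any link whose target resolves outside the tree is reported so a later chown or copy step does not follow it. The directory layout is constructed for the example and it assumes a POSIX filesystem where `os.symlink` needs no special privilege.

```python
import os
import tempfile

class UnboundedTraversal(Exception):
    """The follow-links walker kept descending; a symlink cycle would never terminate."""

def naive_walk(path, depth_limit=64, _depth=0):
    """Unsafe pattern: descend into anything that looks like a directory, links included.
    Without the depth cap a cycle such as usr/lib/loop -> .. recurses forever (hang/OOM)."""
    if _depth > depth_limit:
        raise UnboundedTraversal(f"still descending at depth {depth_limit}: {path}")
    visited = 0
    with os.scandir(path) as it:
        for entry in it:
            visited += 1
            if entry.is_dir():                  # is_dir() follows symlinks by default
                visited += naive_walk(entry.path, depth_limit, _depth + 1)
    return visited

def safe_walk(root):
    """Walk root with lstat semantics: links are counted but never entered, and links whose
    target resolves outside root are listed under "escapes" instead of being followed."""
    root = os.path.realpath(root)
    stats = {"files": 0, "dirs": 0, "links": 0, "escapes": []}
    stack = [root]
    while stack:
        with os.scandir(stack.pop()) as it:
            for entry in it:
                if entry.is_symlink():          # decided before any follow-symlinks check
                    stats["links"] += 1
                    target = os.path.realpath(entry.path)
                    if os.path.commonpath([root, target]) != root:
                        stats["escapes"].append(entry.path)
                elif entry.is_dir(follow_symlinks=False):
                    stats["dirs"] += 1
                    stack.append(entry.path)
                else:
                    stats["files"] += 1
    return stats

def build_untrusted_tree(tmp):
    """Constructed layout standing in for a hostile image layer: two regular files, a symlink
    cycle (usr/lib/loop -> ..) and a link pointing at a file outside the layer."""
    layer, outside = os.path.join(tmp, "layer"), os.path.join(tmp, "outside")
    for d in ("etc", os.path.join("usr", "lib")):
        os.makedirs(os.path.join(layer, d))
    os.makedirs(outside)
    for p in (os.path.join(layer, "etc", "passwd"), os.path.join(layer, "usr", "lib", "libc.so"),
              os.path.join(outside, "secret")):
        with open(p, "w") as f:
            f.write("x\n")
    os.symlink("..", os.path.join(layer, "usr", "lib", "loop"))
    os.symlink(os.path.join(outside, "secret"), os.path.join(layer, "etc", "host_secret"))
    return layer

def run_demo():
    """Return (naive outcome, safe_walk stats) for the constructed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        layer = build_untrusted_tree(tmp)
        try:
            naive = naive_walk(layer)
        except UnboundedTraversal as e:
            naive = f"aborted: {e}"
        return naive, safe_walk(layer)
```

On the constructed tree `run_demo()` shows the naive walker aborting only because of the artificial depth cap, while `safe_walk` finishes with 2 files, 3 directories and 2 links and names `etc/host_secret` as the link that leaves the tree. Any operation that rewrites ownership or copies content for an untrusted image should treat every path this way: `lstat`, never `stat`, and no descent through a link.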
CVE-2024-45275 – MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords
https://notcve.org/view.php?id=CVE-2024-45275
The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker to take full control of the affected devices. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-798: Use of Hard-coded Credentials •
CVE-2024-44775
https://notcve.org/view.php?id=CVE-2024-44775
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. • https://gist.github.com/pengwGit/26fd8630392af5d8829c2e220091ac4f • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •