Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6090 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate. | |||||
| CVE-2024-6037 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption. | |||||
| CVE-2024-6036 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity. | |||||
| CVE-2024-5979 | 2024-11-21 | N/A | 7.5 HIGH | ||
| In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service. | |||||
| CVE-2024-5795 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 7.7 HIGH |
| A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-5569 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp. | |||||
| CVE-2024-5422 | 2024-11-21 | N/A | N/A | ||
| An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. | |||||
| CVE-2024-5216 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance. | |||||
| CVE-2024-5208 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability. | |||||
| CVE-2024-5055 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. | |||||
| CVE-2024-5052 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. | |||||
| CVE-2024-5013 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | |||||
| CVE-2024-5011 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. | |||||
| CVE-2024-4599 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | |||||
| CVE-2024-4557 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.5 MEDIUM |
| Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai pipeline. | |||||
| CVE-2024-4549 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | |||||
| CVE-2024-4467 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. | |||||
| CVE-2024-4438 | 2024-11-21 | N/A | 7.5 HIGH | ||
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | |||||
| CVE-2024-4437 | 2024-11-21 | N/A | 7.5 HIGH | ||
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | |||||
| CVE-2024-4436 | 2024-11-21 | N/A | 7.5 HIGH | ||
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | |||||