Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2829 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. | |||||
| CVE-2023-6682 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server. | |||||
| CVE-2023-6688 | 1 Gitlab | 1 Gitlab | 2024-12-12 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server. | |||||
| CVE-2023-6678 | 1 Gitlab | 1 Gitlab | 2024-12-11 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using malicious crafted content in a junit test report file. | |||||
| CVE-2023-6489 | 1 Gitlab | 1 Gitlab | 2024-12-11 | N/A | 4.3 MEDIUM |
| A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature. | |||||
| CVE-2024-10270 | 2024-11-25 | N/A | 6.5 MEDIUM | ||
| A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity. | |||||
| CVE-2024-52524 | 2024-11-21 | N/A | N/A | ||
| Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponential regex evaluation times, potentially leading to denial of service. Giskard versions prior to 2.15.5 are affected. | |||||
| CVE-2024-8124 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request. | |||||
| CVE-2024-6434 | 1 Leap13 | 1 Premium Addons For Elementor | 2024-11-21 | N/A | 3.1 LOW |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources. | |||||
| CVE-2024-5552 | 1 Kubeflow | 1 Kubeflow | 2024-11-21 | N/A | 7.5 HIGH |
| kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion, and service disruption. | |||||
| CVE-2024-4056 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. | |||||
| CVE-2024-41818 | 1 Fast-xml-parser Project | 1 Fast-xml-parser | 2024-11-21 | N/A | 7.5 HIGH |
| fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. | |||||
| CVE-2024-41655 | 2024-11-21 | N/A | 7.5 HIGH | ||
| TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue. | |||||
| CVE-2024-39317 | 1 Wagtail | 1 Wagtail | 2024-11-21 | N/A | 6.5 MEDIUM |
| Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3. | |||||
| CVE-2024-39316 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). The fix for CVE-2024-26146 was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5. Users of versions on the 3.1 branch should upgrade to version 3.1.5 to receive the fix. | |||||
| CVE-2024-39249 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input. | |||||
| CVE-2024-28716 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. | |||||
| CVE-2024-27351 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. | |||||
| CVE-2024-22363 | 2024-11-21 | N/A | 7.5 HIGH | ||
| SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS). | |||||
| CVE-2024-21503 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. | |||||