Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22025 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. | |||||
| CVE-2024-22019 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits. | |||||
| CVE-2024-20966 | 2024-11-21 | N/A | 4.9 MEDIUM | ||
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-20905 | 2024-11-21 | N/A | 2.7 LOW | ||
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2024-1193 | 1 Navicat | 1 Navicat | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1192 | 2024-11-21 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1191 | 2024-11-21 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-252681 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1190 | 1 Globalscape | 1 Cuteftp | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1189 | 1 Softaculous | 1 Ampps | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written. | |||||
| CVE-2024-1188 | 1 Rizonesoft | 1 Notepad3 | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1187 | 1 Munsoft | 1 Easy Outlook Express Recovery | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1186 | 1 Munsoft | 1 Easy Archive Recovery | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1185 | 1 Nsasoft | 1 Network Bandwidth Monitor | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1184 | 1 Nsasoft | 1 Network Sleuth | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1017 | 1 Gabriels Ftp Server Project | 1 Gabriels Ftp Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287. | |||||
| CVE-2024-1016 | 1 Flexbyte | 1 Solar Ftp Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0889 | 1 Kmint21 | 1 Golden Ftp Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability. | |||||
| CVE-2024-0888 | 1 10n | 1 Borgchat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039. | |||||
| CVE-2024-0887 | 1 Mafiatic | 1 Blue Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0886 | 1 Poikosoft | 1 Ez Cd Audio Converter | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability. | |||||