Monthly
Denial of Service in Red Hat Build of Keycloak allows unauthenticated remote attackers to exhaust server resources by submitting specially crafted POST requests with excessively long scope parameters to the OpenID Connect token endpoint. No public exploit identified at time of analysis, but CVSS 7.5 (High) with network attack vector and low complexity indicates straightforward exploitation. Authentication requirements: unauthenticated (CVSS PR:N). The vulnerability stems from improper resource management (CWE-1050), enabling attackers to cause prolonged processing times and service disruption without any authentication or user interaction.
Suricata versions up to 8.0.3 contain a vulnerability that allows attackers to cause a slowdown over multiple packets (CVSS 5.3).
Suricata versions up to 8.0.3 contain a vulnerability that allows attackers to cause severe slowdowns (CVSS 3.7).
Evershop contains a vulnerability that allows attackers to exhaust the application server's resources via the "GET /images" API (CVSS 7.5).
ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms.
ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available.
A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.