CVE-2024-1953

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-400
View all →

Vulnerability Description

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

Related Vulnerabilities

CVE-2012-0049

MEDIUM
CVSS:4.3(Medium)

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

CWE-4002012

CVE-2016-7427

MEDIUM
CVSS:4.3(Medium)

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packe...

CWE-4002016

CVE-2016-7428

MEDIUM
CVSS:4.3(Medium)

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

CWE-4002016

CVE-2018-15325

MEDIUM
CVSS:4.3(Medium)

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands

CWE-4002018

CVE-2019-13011

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template...

CWE-4002019

CVE-2020-13333

MEDIUM
CVSS:4.3(Medium)

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks...

CWE-4002020