Total
1942 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12698 | 2025-02-25 | N/A | 6.5 MEDIUM | ||
| An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. | |||||
| CVE-2022-48351 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 7.5 HIGH |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-27100 | 2025-02-21 | N/A | 6.5 MEDIUM | ||
| lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to true in their config yaml. | |||||
| CVE-2022-33142 | 1 Wordplus | 1 Better Messages | 2025-02-20 | N/A | 7.7 HIGH |
| Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | |||||
| CVE-2023-21061 | 1 Google | 1 Android | 2025-02-20 | N/A | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A | |||||
| CVE-2024-57082 | 2025-02-18 | N/A | 6.5 MEDIUM | ||
| A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2022-4899 | 1 Facebook | 1 Zstandard | 2025-02-18 | N/A | 7.5 HIGH |
| A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. | |||||
| CVE-2023-28507 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2025-02-18 | N/A | 9.8 CRITICAL |
| Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes. | |||||
| CVE-2025-23184 | 1 Apache | 1 Cxf | 2025-02-15 | N/A | 5.9 MEDIUM |
| A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients). | |||||
| CVE-2023-29139 | 1 Mediawiki | 1 Mediawiki | 2025-02-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout). | |||||
| CVE-2020-19850 | 1 Monospace | 1 Directus | 2025-02-14 | N/A | 6.5 MEDIUM |
| An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. | |||||
| CVE-2023-27734 | 1 Edb-debugger Project | 1 Edb-debugger | 2025-02-14 | N/A | 5.5 MEDIUM |
| An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. | |||||
| CVE-2024-26141 | 2 Debian, Rack | 2 Debian Linux, Rack | 2025-02-14 | N/A | 5.8 MEDIUM |
| Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1. | |||||
| CVE-2024-2757 | 2025-02-13 | N/A | 7.5 HIGH | ||
| In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. | |||||
| CVE-2024-23952 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 6.5 MEDIUM |
| This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | |||||
| CVE-2024-22201 | 3 Debian, Eclipse, Netapp | 4 Debian Linux, Jetty, Active Iq Unified Manager and 1 more | 2025-02-13 | N/A | 7.5 HIGH |
| Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. | |||||
| CVE-2023-46104 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 6.5 MEDIUM |
| Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | |||||
| CVE-2025-0426 | 2025-02-13 | N/A | 6.2 MEDIUM | ||
| A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. | |||||
| CVE-2023-43622 | 1 Apache | 1 Http Server | 2025-02-13 | N/A | 7.5 HIGH |
| An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | |||||
| CVE-2023-34324 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-02-13 | N/A | 4.9 MEDIUM |
| Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock). | |||||