Total
1207 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48441 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
| In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-48440 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
| In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2024-28760 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | N/A | 4.3 MEDIUM |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. | |||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | |||||
| CVE-2023-0121 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 6.5 MEDIUM |
| A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | |||||
| CVE-2023-29767 | 1 Appcrossx | 1 Crossx | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | |||||
| CVE-2024-54538 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-01-06 | N/A | 7.5 HIGH |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service. | |||||
| CVE-2024-56332 | 2025-01-03 | N/A | 5.3 MEDIUM | ||
| Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds. | |||||
| CVE-2024-49767 | 1 Palletsprojects | 2 Quart, Werkzeug | 2025-01-03 | N/A | 7.5 HIGH |
| Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. | |||||
| CVE-2024-56319 | 2024-12-31 | N/A | 7.5 HIGH | ||
| In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion). | |||||
| CVE-2024-53647 | 2024-12-31 | N/A | 6.5 MEDIUM | ||
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | |||||
| CVE-2024-32663 | 1 Oisf | 1 Suricata | 2024-12-19 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). | |||||
| CVE-2024-54501 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-19 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service. | |||||
| CVE-2023-21144 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.5 HIGH |
| In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417 | |||||
| CVE-2024-44241 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-18 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | |||||
| CVE-2024-43083 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-31314 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-30903 | 1 Hp | 1 Hp-ux | 2024-12-17 | N/A | 5.5 MEDIUM |
| HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. | |||||
| CVE-2022-34357 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | N/A | 6.5 MEDIUM |
| IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for other legitimate users. IBM X-Force ID: 230510. | |||||
| CVE-2024-0026 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||