Total
1207 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5625 | 1 Redhat | 6 Enterprise Linux, Openshift Container Platform For Arm64, Openshift Container Platform For Linuxone and 3 more | 2024-12-06 | N/A | 5.3 MEDIUM |
| A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | |||||
| CVE-2023-32385 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
| A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination. | |||||
| CVE-2024-53857 | 2024-12-05 | N/A | 7.5 HIGH | ||
| rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. | |||||
| CVE-2023-21176 | 1 Google | 1 Android | 2024-12-05 | N/A | 4.4 MEDIUM |
| In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335 | |||||
| CVE-2024-48844 | 2024-12-05 | N/A | 7.7 HIGH | ||
| Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2024-48843 | 2024-12-05 | N/A | 7.7 HIGH | ||
| Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | |||||
| CVE-2023-49559 | 2024-12-03 | N/A | 3.7 LOW | ||
| An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. | |||||
| CVE-2024-52805 | 2024-12-03 | N/A | N/A | ||
| Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. | |||||
| CVE-2024-37302 | 2024-12-03 | N/A | 7.5 HIGH | ||
| Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached. | |||||
| CVE-2024-48530 | 2024-12-03 | N/A | 7.5 HIGH | ||
| An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2023-36357 | 1 Tp-link | 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more | 2024-12-02 | N/A | 7.7 HIGH |
| An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-36368 | 1 Monetdb | 1 Monetdb | 2024-12-02 | N/A | 7.5 HIGH |
| An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2023-36367 | 1 Monetdb | 1 Monetdb | 2024-12-02 | N/A | 7.5 HIGH |
| An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2023-36366 | 1 Monetdb | 1 Monetdb | 2024-12-02 | N/A | 7.5 HIGH |
| An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2023-36365 | 1 Monetdb | 1 Monetdb | 2024-12-02 | N/A | 7.5 HIGH |
| An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-53981 | 2024-12-02 | N/A | 7.5 HIGH | ||
| python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could abuse this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread for a significant amount of time. In case of ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service (DoS). This vulnerability is fixed in 0.0.18. | |||||
| CVE-2024-6509 | 2024-11-29 | N/A | 6.5 MEDIUM | ||
| Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-50271 | 1 Linux | 1 Linux Kernel | 2024-11-27 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused production issues. For example, if the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate the necessary resources for the signal delivery, preventing the signal from being delivered with siginfo. This prevents the process from correctly identifying the fault address and handling the error. From the user-space perspective, applications are unaware that the limit has been reached and that the siginfo is effectively 'corrupted'. This can lead to unpredictable behavior and crashes, as we observed with java applications. Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip the comparison to max there if override_rlimit is set. This effectively restores the old behavior. | |||||
| CVE-2024-50285 | 1 Linux | 1 Linux Kernel | 2024-11-27 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache”. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit. | |||||
| CVE-2018-15458 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable. | |||||