Total
1310 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46877 | 1 Fasterxml | 1 Jackson-databind | 2025-02-26 | N/A | 7.5 HIGH |
| jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | |||||
| CVE-2024-50311 | 1 Redhat | 1 Openshift Container Platform | 2025-02-25 | N/A | 6.5 MEDIUM |
| A denial of service (DoS) vulnerability was found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality. The vulnerability arises when multiple queries can be sent within a single request, enabling an attacker to submit a request containing thousands of aliases in one query. This issue causes excessive resource consumption, leading to application unavailability for legitimate users. | |||||
| CVE-2025-27144 | 2025-02-24 | N/A | N/A | ||
| Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters. | |||||
| CVE-2024-43709 | 1 Elastic | 1 Elasticsearch | 2025-02-21 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. | |||||
| CVE-2024-48080 | 2025-02-21 | N/A | 7.5 HIGH | ||
| An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. NOTE: the Supplier indicates that exploitation cannot occur because of the protection mechanism in the validateTopic function in lib/utils.js. | |||||
| CVE-2022-48357 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
| Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel. | |||||
| CVE-2024-49589 | 2025-02-18 | N/A | 6.5 MEDIUM | ||
| Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size). | |||||
| CVE-2023-50658 | 1 Dvsekhvalnov | 1 Jose2go | 2025-02-14 | N/A | 7.5 HIGH |
| The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. | |||||
| CVE-2023-52606 | 1 Linux | 1 Linux Kernel | 2025-02-14 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption. | |||||
| CVE-2024-22201 | 3 Debian, Eclipse, Netapp | 4 Debian Linux, Jetty, Active Iq Unified Manager and 1 more | 2025-02-13 | N/A | 7.5 HIGH |
| Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. | |||||
| CVE-2023-6337 | 1 Hashicorp | 1 Vault | 2025-02-13 | N/A | 7.5 HIGH |
| HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. | |||||
| CVE-2023-42504 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 5.8 MEDIUM |
| An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0 | |||||
| CVE-2023-42457 | 1 Plone | 1 Rest | 2025-02-13 | N/A | 7.5 HIGH |
| plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache). | |||||
| CVE-2023-34396 | 1 Apache | 1 Struts | 2025-02-13 | N/A | 4.3 MEDIUM |
| Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater | |||||
| CVE-2023-34149 | 1 Apache | 1 Struts | 2025-02-13 | N/A | 4.3 MEDIUM |
| Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. | |||||
| CVE-2023-24998 | 2 Apache, Debian | 2 Commons Fileupload, Debian Linux | 2025-02-13 | N/A | 7.5 HIGH |
| Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | |||||
| CVE-2023-0568 | 1 Php | 1 Php | 2025-02-13 | N/A | 7.5 HIGH |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | |||||
| CVE-2023-27530 | 2 Debian, Rack | 2 Debian Linux, Rack | 2025-02-13 | N/A | 7.5 HIGH |
| A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | |||||
| CVE-2025-1059 | 2025-02-13 | N/A | 7.5 HIGH | ||
| CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. | |||||
| CVE-2023-51393 | 1 Silabs | 1 Emberznet | 2025-02-12 | N/A | 5.3 MEDIUM |
| Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | |||||