Total
1104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7696 | 1 Sap | 1 Sso Authentication Library | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | |||||
| CVE-2017-6640 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346. | |||||
| CVE-2025-3734 | 2025-04-17 | N/A | 5.9 MEDIUM | ||
| Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding.This issue affects Stage File Proxy: from 0.0.0 before 3.1.5. | |||||
| CVE-2022-42531 | 1 Google | 1 Android | 2025-04-17 | N/A | 7.8 HIGH |
| In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A | |||||
| CVE-2023-51334 | 1 Phpjabbers | 1 Cinema Booking System | 2025-04-17 | N/A | 5.3 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2023-51339 | 1 Phpjabbers | 1 Event Ticketing System | 2025-04-17 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2024-57662 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
| An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57663 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
| An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57664 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
| An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2025-21614 | 1 Go-git Project | 1 Go-git | 2025-04-17 | N/A | 7.5 HIGH |
| go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | |||||
| CVE-2024-57722 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 7.5 HIGH |
| lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug via the component plutovg_surface_create. | |||||
| CVE-2022-45434 | 2 Dahuasecurity, Microsoft | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-14 | N/A | 5.9 MEDIUM |
| Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host. | |||||
| CVE-2016-8576 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | |||||
| CVE-2016-4074 | 1 Jq Project | 1 Jq | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. | |||||
| CVE-2020-36568 | 1 Revel | 1 Revel | 2025-04-11 | N/A | 7.5 HIGH |
| Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation. | |||||
| CVE-2025-22869 | 2025-04-11 | N/A | 7.5 HIGH | ||
| SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | |||||
| CVE-2025-26480 | 2025-04-11 | N/A | 5.3 MEDIUM | ||
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2025-32386 | 2025-04-11 | N/A | 6.5 MEDIUM | ||
| Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. | |||||
| CVE-2025-1677 | 2025-04-11 | N/A | 6.5 MEDIUM | ||
| A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. | |||||
| CVE-2025-29916 | 2025-04-11 | N/A | 6.2 MEDIUM | ||
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can lead to large memory allocations, potentially leading to denial of service due to resource starvation. This vulnerability is fixed in 7.0.9. | |||||