Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29491 | 1 Libming | 1 Libming | 2025-04-01 | N/A | 6.5 MEDIUM |
| An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file. | |||||
| CVE-2024-43484 | 3 Apple, Linux, Microsoft | 21 Macos, Linux Kernel, .net and 18 more | 2025-03-28 | N/A | 7.5 HIGH |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-24201 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | N/A | 9.8 CRITICAL |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. | |||||
| CVE-2024-41762 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-41761 | 2 Ibm, Linux | 3 Db2, Linux On Ibm Z, Linux Kernel | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-32035 | 1 Sixlabors | 1 Imagesharp | 2025-01-09 | N/A | 5.3 MEDIUM |
| ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8. | |||||
| CVE-2024-41132 | 1 Sixlabors | 1 Imagesharp | 2024-11-21 | N/A | 5.3 MEDIUM |
| ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9. | |||||
| CVE-2024-35116 | 1 Ibm | 1 Mq | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. | |||||
| CVE-2023-6516 | 2 Isc, Netapp | 2 Bind, Active Iq Unified Manager | 2024-11-21 | N/A | 7.5 HIGH |
| To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. | |||||
| CVE-2023-39203 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2024-11-21 | N/A | 4.3 MEDIUM |
| Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2023-30837 | 1 Vyperlang | 1 Vyper | 2024-11-21 | N/A | 7.5 HIGH |
| Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. | |||||
| CVE-2022-4741 | 1 Search | 1 Docconv | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is 42bcff666855ab978e67a9041d0cdea552f20301. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779. | |||||
| CVE-2022-31804 | 1 Codesys | 1 Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. | |||||
| CVE-2022-22188 | 1 Juniper | 8 Ex4600, Ex4650, Junos and 5 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1. | |||||
| CVE-2021-34869 | 1 Parallels | 1 Parallels | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13797. | |||||
| CVE-2021-34868 | 1 Parallels | 1 Parallels | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712. | |||||
| CVE-2021-34867 | 1 Parallels | 1 Parallels | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13672. | |||||
| CVE-2021-1568 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system. | |||||
| CVE-2021-1283 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials. | |||||
| CVE-2024-40680 | 1 Ibm | 1 Mq Operator | 2024-10-31 | N/A | 5.5 MEDIUM |
| IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. | |||||