Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41761 | 2 Ibm, Linux | 3 Db2, Linux On Ibm Z, Linux Kernel | 2025-01-31 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
|
|||||
| CVE-2023-30455 | 1 Ebankit | 1 Ebankit | 2025-01-30 | N/A | 7.5 HIGH |
|
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat a ...
Show More |
|||||
| CVE-2023-31472 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-29 | N/A | 7.5 HIGH |
|
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied.
|
|||||
| CVE-2023-26285 | 1 Ibm | 1 Mq Appliance | 2025-01-29 | N/A | 5.9 MEDIUM |
|
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
|
|||||
| CVE-2024-26265 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | N/A | 5.0 MEDIUM |
|
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.
|
|||||
| CVE-2024-56316 | 2025-01-28 | N/A | 7.5 HIGH | ||
|
In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service.
|
|||||
| CVE-2024-55195 | 2025-01-28 | N/A | 7.5 HIGH | ||
|
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.
|
|||||
| CVE-2024-36378 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 5.9 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
|
|||||
| CVE-2021-46760 | 1 Amd | 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more | 2025-01-27 | N/A | 9.8 CRITICAL |
|
A malicious or compromised UApp or ABL can send
a malformed system call to the bootloader, which may result in an out-of-bounds
memory access that may potentially lead to an attacker leaking sensitive
information or achieving code execution.
|
|||||
| CVE-2023-28356 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | N/A | 7.5 HIGH |
|
A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.
|
|||||
| CVE-2025-0695 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
|
An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.
|
|||||
| CVE-2024-38821 | 2025-01-24 | N/A | 9.1 CRITICAL | ||
|
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true:
* It must be a WebFlux application
* It must be using Spring's static resources support
* It must have a non-permitAll authorization rule applied to the static resources support
|
|||||
| CVE-2023-31914 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | N/A | 5.5 MEDIUM |
|
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.
|
|||||
| CVE-2023-21110 | 1 Google | 1 Android | 2025-01-24 | N/A | 7.8 HIGH |
|
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365
|
|||||
| CVE-2023-20930 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
|
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066
|
|||||
| CVE-2024-23979 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-01-23 | N/A | 7.5 HIGH |
|
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2024-21771 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2025-01-23 | N/A | 7.5 HIGH |
|
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2025-24033 | 2025-01-23 | N/A | 7.5 HIGH | ||
|
@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `saveRequestFiles`.
|
|||||
| CVE-2024-25978 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 7.5 HIGH |
|
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
|
|||||
| CVE-2024-3382 | 1 Paloaltonetworks | 6 Pa-5410, Pa-5420, Pa-5430 and 3 more | 2025-01-22 | N/A | 7.5 HIGH |
|
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
|
|||||
| CVE-2018-25108 | 2025-01-16 | N/A | 7.5 HIGH | ||
|
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
|
|||||
| CVE-2023-33720 | 1 Mp4v2 Project | 1 Mp4v2 | 2025-01-14 | N/A | 6.5 MEDIUM |
|
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.
|
|||||
| CVE-2019-9518 | 11 Apache, Apple, Canonical and 8 more | 20 Traffic Server, Mac Os X, Swiftnio and 17 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
|
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
|
|||||
| CVE-2019-9517 | 12 Apache, Apple, Canonical and 9 more | 25 Http Server, Traffic Server, Mac Os X and 22 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
|
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
|
|||||
| CVE-2019-9516 | 12 Apache, Apple, Canonical and 9 more | 21 Traffic Server, Mac Os X, Swiftnio and 18 more | 2025-01-14 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
|
|||||
| CVE-2019-9515 | 12 Apache, Apple, Canonical and 9 more | 24 Traffic Server, Mac Os X, Swiftnio and 21 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
|
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
|
|||||
| CVE-2019-9514 | 13 Apache, Apple, Canonical and 10 more | 30 Traffic Server, Mac Os X, Swiftnio and 27 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
|
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
|
|||||
| CVE-2019-9511 | 12 Apache, Apple, Canonical and 9 more | 22 Traffic Server, Mac Os X, Swiftnio and 19 more | 2025-01-14 | 7.8 HIGH | 7.5 HIGH |
|
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
|
|||||
| CVE-2023-29737 | 1 Wavekeyboard | 1 Wave Animated Keyboard Emoji | 2025-01-14 | N/A | 5.5 MEDIUM |
|
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.
|
|||||
| CVE-2024-43064 | 1 Qualcomm | 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more | 2025-01-13 | N/A | 7.5 HIGH |
|
Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.
|
|||||
| CVE-2023-33656 | 1 Emqx | 1 Nanomq | 2025-01-10 | N/A | 5.5 MEDIUM |
|
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.
|
|||||
| CVE-2023-0616 | 1 Mozilla | 1 Thunderbird | 2025-01-10 | N/A | 6.5 MEDIUM |
|
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.
|
|||||
| CVE-2024-1666 | 1 Lunary | 1 Lunary | 2025-01-10 | N/A | 5.3 MEDIUM |
|
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment.
|
|||||
| CVE-2024-32035 | 1 Sixlabors | 1 Imagesharp | 2025-01-09 | N/A | 5.3 MEDIUM |
|
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. User ...
Show More |
|||||
| CVE-2024-7807 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-01-09 | N/A | 7.5 HIGH |
|
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.
|
|||||
| CVE-2024-29902 | 1 Sigstore | 1 Cosign | 2025-01-09 | N/A | 4.2 MEDIUM |
|
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of t ...
Show More |
|||||
| CVE-2024-29903 | 1 Sigstore | 1 Cosign | 2025-01-09 | N/A | 4.2 MEDIUM |
|
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates exc ...
Show More |
|||||
| CVE-2023-2253 | 1 Redhat | 3 Openshift Api For Data Protection, Openshift Container Platform, Openshift Developer Tools And Services | 2025-01-07 | N/A | 6.5 MEDIUM |
|
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
|
|||||
| CVE-2022-48441 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48440 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||