Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31016 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, ...
Show More |
|||||
| CVE-2022-30775 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
|
|||||
| CVE-2022-30522 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
|
|||||
| CVE-2022-2929 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Dhcp | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
|
|||||
| CVE-2022-2879 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.5 HIGH |
|
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
|
|||||
| CVE-2022-2406 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.
|
|||||
| CVE-2022-2134 | 1 Inventree Project | 1 Inventree | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0.
|
|||||
| CVE-2022-29973 | 1 Exfat Project | 1 Exfat | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.
|
|||||
| CVE-2022-29863 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.
|
|||||
| CVE-2022-29767 | 1 Adbyby Project | 1 Adbyby | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.
|
|||||
| CVE-2022-29701 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
|
|||||
| CVE-2022-29503 | 3 Anker, Uclibc, Uclibc-ng Project | 4 Eufy Homebase 2, Eufy Homebase 2 Firmware, Uclibc and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
|
|||||
| CVE-2022-29404 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
|
|||||
| CVE-2022-29286 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
|
|||||
| CVE-2022-28871 | 3 Apple, F-secure, Microsoft | 4 Mac Os X, Macos, Atlant and 1 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
|
|||||
| CVE-2022-28655 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | N/A | 7.1 HIGH |
|
is_closing_session() allows users to create arbitrary tcp dbus connections
|
|||||
| CVE-2022-28654 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
is_closing_session() allows users to fill up apport.log
|
|||||
| CVE-2022-27871 | 1 Autodesk | 14 3ds Max, Advance Steel, Autocad and 11 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
|
|||||
| CVE-2022-27819 | 1 Waycrate | 1 Swhkd | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
|
|||||
| CVE-2022-26336 | 2 Apache, Netapp | 2 Poi, Active Iq Unified Manager | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to ...
Show More |
|||||
| CVE-2022-25897 | 1 Eclipse | 1 Milo | 2024-11-21 | N/A | 5.9 MEDIUM |
|
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
|
|||||
| CVE-2022-25888 | 1 Opcua Project | 1 Opcua | 2024-11-21 | N/A | 7.5 HIGH |
|
The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
|
|||||
| CVE-2022-25761 | 2 Fedoraproject, Open62541 | 2 Fedora, Open62541 | 2024-11-21 | N/A | 7.5 HIGH |
|
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
|
|||||
| CVE-2022-25304 | 2 Asyncua Project, Opcua Project | 2 Asyncua, Opcua | 2024-11-21 | N/A | 7.5 HIGH |
|
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
|
|||||
| CVE-2022-25231 | 1 Node-opcua Project | 1 Node-opcua | 2024-11-21 | N/A | 7.5 HIGH |
|
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
|
|||||
| CVE-2022-25169 | 2 Apache, Oracle | 2 Tika, Primavera Unifier | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
|
|||||
| CVE-2022-24741 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
|
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.
|
|||||
| CVE-2022-24685 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
|
|||||
| CVE-2022-24381 | 1 Asneg | 1 Opc Ua Stack | 2024-11-21 | N/A | 7.5 HIGH |
|
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
|
|||||
| CVE-2022-24196 | 1 Itextpdf | 1 Itext | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
|
|||||
| CVE-2022-23913 | 2 Apache, Netapp | 3 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
|
|||||
| CVE-2022-23837 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
|
|||||
| CVE-2022-23524 | 1 Helm | 1 Helm | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK us ...
Show More |
|||||
| CVE-2022-23492 | 1 Protocol | 1 Libp2p | 2024-11-21 | N/A | 7.5 HIGH |
|
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits ha ...
Show More |
|||||
| CVE-2022-23487 | 1 Protocol | 1 Libp2p | 2024-11-21 | N/A | 7.5 HIGH |
|
js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limit ...
Show More |
|||||
| CVE-2022-23486 | 1 Protocol | 1 Libp2p | 2024-11-21 | N/A | 7.5 HIGH |
|
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based netwo ...
Show More |
|||||
| CVE-2022-23228 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.
|
|||||
| CVE-2022-22979 | 1 Vmware | 1 Spring Cloud Function | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
|
|||||
| CVE-2022-22971 | 3 Netapp, Oracle, Vmware | 4 Cloud Secure Agent, Oncommand Insight, Financial Services Crime And Compliance Management Studio and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
|
|||||
| CVE-2022-22970 | 3 Netapp, Oracle, Vmware | 6 Active Iq Unified Manager, Brocade San Navigator, Cloud Secure Agent and 3 more | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
|
|||||