Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41294 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
| The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services. | |||||
| CVE-2023-41173 | 1 Adguard-dns | 1 Adguard Dns | 2024-11-21 | N/A | 7.5 HIGH |
| AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | |||||
| CVE-2023-41121 | 1 Arraynetworks | 2 Arrayos Ag, Vxag | 2024-11-21 | N/A | 7.5 HIGH |
| Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. | |||||
| CVE-2023-41102 | 1 Opennds | 1 Opennds | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0. | |||||
| CVE-2023-40710 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b | |||||
| CVE-2023-40709 | 1 Opto22 | 2 Snap Pac S1, Snap Pac S1 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b | |||||
| CVE-2023-40703 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string. | |||||
| CVE-2023-40692 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807. | |||||
| CVE-2023-40591 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | N/A | 7.5 HIGH |
| go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40584 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | N/A | 6.5 MEDIUM |
| Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts. | |||||
| CVE-2023-40441 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 6.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | |||||
| CVE-2023-40408 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. | |||||
| CVE-2023-40180 | 1 Silverstripe | 1 Graphql | 2024-11-21 | N/A | 7.5 HIGH |
| silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-3637 | 1 Redhat | 1 Openstack Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | |||||
| CVE-2023-3614 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. | |||||
| CVE-2023-3585 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | |||||
| CVE-2023-3398 | 1 Diagrams | 1 Drawio | 2024-11-21 | N/A | 7.5 HIGH |
| Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | |||||
| CVE-2023-39748 | 1 Tp-link | 2 Tl-wr1041n V2, Tl-wr1041n V2 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39610 | 1 Tp-link | 2 Tapo C100, Tapo C100 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | |||||
| CVE-2023-39477 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499. | |||||