Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39329 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. | |||||
| CVE-2023-39328 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. | |||||
| CVE-2023-39327 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. | |||||
| CVE-2023-39321 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.5 HIGH |
| Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | |||||
| CVE-2023-39219 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | N/A | 7.5 HIGH |
| PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests | |||||
| CVE-2023-38737 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. | |||||
| CVE-2023-38251 | 1 Adobe | 2 Commerce, Magento | 2024-11-21 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-38210 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2024-11-21 | N/A | 5.5 MEDIUM |
| Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38178 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.5 HIGH |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-38162 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2023-38149 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows TCP/IP Denial of Service Vulnerability | |||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | |||||
| CVE-2023-37900 | 1 Cncf | 1 Crossplane | 2024-11-21 | N/A | 3.4 LOW |
| Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0. | |||||
| CVE-2023-37788 | 1 Goproxy Project | 1 Goproxy | 2024-11-21 | N/A | 7.5 HIGH |
| goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. | |||||
| CVE-2023-37481 | 1 Ethyca | 1 Fides | 2024-11-21 | N/A | 2.7 LOW |
| Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. | |||||
| CVE-2023-37480 | 1 Ethyca | 1 Fides | 2024-11-21 | N/A | 2.7 LOW |
| Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container. | |||||
| CVE-2023-37475 | 1 Avro Project | 1 Avro | 2024-11-21 | N/A | 7.5 HIGH |
| Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-37263 | 1 Strapi | 1 Strapi | 2024-11-21 | N/A | 6.8 MEDIUM |
| Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. | |||||
| CVE-2023-37195 | 1 Siemens | 10 Simatic Cp 1604, Simatic Cp 1604 Firmware, Simatic Cp 1616 and 7 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again. | |||||
| CVE-2023-37143 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). | |||||