Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37142 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). | |||||
| CVE-2023-37141 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). | |||||
| CVE-2023-37140 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). | |||||
| CVE-2023-36841 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 7.5 HIGH |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2; | |||||
| CVE-2023-36799 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 6.5 MEDIUM |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-36703 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2023-36606 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-36579 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-36478 | 3 Debian, Eclipse, Jenkins | 3 Debian Linux, Jetty, Jenkins | 2024-11-21 | N/A | 7.5 HIGH |
| Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | |||||
| CVE-2023-36435 | 1 Microsoft | 4 .net, Windows 11 21h2, Windows 11 22h2 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft QUIC Denial of Service Vulnerability | |||||
| CVE-2023-36431 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft Message Queuing Denial of Service Vulnerability | |||||
| CVE-2023-36161 | 1 Quboworld | 2 Smart Plug 10a, Smart Plug 10a Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication. | |||||
| CVE-2023-36042 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 6.2 MEDIUM |
| Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-36038 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2024-11-21 | N/A | 8.2 HIGH |
| ASP.NET Core Denial of Service Vulnerability | |||||
| CVE-2023-35925 | 1 Intellectualsites | 1 Fastasyncworldedit | 2024-11-21 | N/A | 6.2 MEDIUM |
| FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3. | |||||
| CVE-2023-35909 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | N/A | 5.3 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. | |||||
| CVE-2023-35767 | 1 Perforce | 1 Helix Core | 2024-11-21 | N/A | 7.5 HIGH |
| In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. | |||||
| CVE-2023-35339 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows CryptoAPI Denial of Service Vulnerability | |||||
| CVE-2023-35329 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Windows Authentication Denial of Service Vulnerability | |||||
| CVE-2023-35298 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2024-11-21 | N/A | 7.5 HIGH |
| HTTP.sys Denial of Service Vulnerability | |||||