Total: 1620 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31409 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-11-21 | N/A | 5.3 MEDIUM |
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris style attack via HTTP requests. | |||||
CVE-2023-30999 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-11-21 | N/A | 7.5 HIGH |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651. | |||||
CVE-2023-30798 | 1 Encode | 1 Starlette | 2024-11-21 | N/A | 7.5 HIGH |
The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | |||||
CVE-2023-30570 | 1 Libreswan | 1 Libreswan | 2024-11-21 | N/A | 7.5 HIGH |
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. | |||||
CVE-2023-30408 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A | 5.5 MEDIUM |
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | |||||
CVE-2023-30406 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A | 5.5 MEDIUM |
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | |||||
CVE-2023-30311 | | | 2024-11-21 | N/A | 7.5 HIGH |
An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
CVE-2023-2831 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. | |||||
CVE-2023-2793 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 6.5 MEDIUM |
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by linking to a specially crafted webpage in a message. | |||||
CVE-2023-2785 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
Mattermost fails to properly truncate the Postgres error log message of a search query failure, allowing an attacker to cause the creation of large log files which can result in Denial of Service. | |||||
CVE-2023-2778 | 1 Rockwellautomation | 1 Factorytalk Transaction Manager | 2024-11-21 | N/A | 7.5 HIGH |
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. | |||||
CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | N/A | 5.3 MEDIUM |
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | |||||
CVE-2023-2263 | 1 Rockwellautomation | 2 Kinetix 5700, Kinetix 5700 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack. | |||||
CVE-2023-29767 | 1 Appcrossx | 1 Crossx | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | |||||
CVE-2023-29735 | 1 Mwm | 1 Edjing Mix | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files. | |||||
CVE-2023-29544 | 1 Mozilla | 2 Firefox, Focus | 2024-11-21 | N/A | 6.5 MEDIUM |
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
CVE-2023-29499 | 1 Gnome | 1 Glib | 2024-11-21 | N/A | 5.5 MEDIUM |
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | |||||
CVE-2023-29479 | 1 Ribose | 1 Rnp | 2024-11-21 | N/A | 5.3 MEDIUM |
Ribose RNP before 0.16.3 may hang when the input is malformed. | |||||
CVE-2023-29409 | 1 Golang | 1 Go | 2024-11-21 | N/A | 5.3 MEDIUM |
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With the fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | |||||
CVE-2023-29331 | 1 Microsoft | 14 .net, .net Framework, Windows 10 1507 and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |