Total
1574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-30570 | 1 Libreswan | 1 Libreswan | 2024-02-28 | N/A | 7.5 HIGH |
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. | |||||
CVE-2023-20911 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498 | |||||
CVE-2023-29544 | 1 Mozilla | 2 Firefox, Focus | 2024-02-28 | N/A | 6.5 MEDIUM |
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
CVE-2023-1150 | 1 Wago | 36 750-362, 750-362\/000-001, 750-362\/000-001 Firmware and 33 more | 2024-02-28 | N/A | 7.5 HIGH |
Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. | |||||
CVE-2023-28837 | 1 Torchbox | 1 Wagtail | 2024-02-28 | N/A | 4.9 MEDIUM |
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files. | |||||
CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-02-28 | N/A | 6.5 MEDIUM |
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | |||||
CVE-2023-30798 | 1 Encode | 1 Starlette | 2024-02-28 | N/A | 7.5 HIGH |
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | |||||
CVE-2023-2793 | 1 Mattermost | 1 Mattermost | 2024-02-28 | N/A | 6.5 MEDIUM |
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message. | |||||
CVE-2022-24109 | 1 Opennetworking | 1 Onos | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller. | |||||
CVE-2023-29479 | 1 Ribose | 1 Rnp | 2024-02-28 | N/A | 5.3 MEDIUM |
Ribose RNP before 0.16.3 may hang when the input is malformed. | |||||
CVE-2023-21110 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 | |||||
CVE-2023-28356 | 1 Rocket.chat | 1 Rocket.chat | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | |||||
CVE-2020-19850 | 1 Monospace | 1 Directus | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. | |||||
CVE-2022-41801 | 1 Intel | 1 Connect M | 2024-02-28 | N/A | 5.5 MEDIUM |
Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-0056 | 3 Fedoraproject, Haproxy, Redhat | 10 Extra Packages For Enterprise Linux, Fedora, Haproxy and 7 more | 2024-02-28 | N/A | 6.5 MEDIUM |
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | |||||
CVE-2023-30408 | 1 Jerryscript | 1 Jerryscript | 2024-02-28 | N/A | 5.5 MEDIUM |
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | |||||
CVE-2023-24824 | 1 Github | 1 Cmark-gfm | 2024-02-28 | N/A | 7.5 HIGH |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. | |||||
CVE-2022-39374 | 1 Matrix | 1 Synapse | 2024-02-28 | N/A | 6.5 MEDIUM |
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0 | |||||
CVE-2023-28507 | 2 Linux, Rocketsoftware | 3 Linux Kernel, Unidata, Universe | 2024-02-28 | N/A | 9.8 CRITICAL |
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes. | |||||
CVE-2023-30406 | 1 Jerryscript | 1 Jerryscript | 2024-02-28 | N/A | 5.5 MEDIUM |
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. |