Total
1574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21033 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323 | |||||
CVE-2023-1981 | 3 Avahi, Fedoraproject, Redhat | 3 Avahi, Fedora, Enterprise Linux | 2024-02-28 | N/A | 5.5 MEDIUM |
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. | |||||
CVE-2023-31409 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-02-28 | N/A | 7.5 HIGH |
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests. | |||||
CVE-2023-2778 | 1 Rockwellautomation | 1 Factorytalk Transaction Manager | 2024-02-28 | N/A | 7.5 HIGH |
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. | |||||
CVE-2023-26509 | 1 Anydesk | 1 Anydesk | 2024-02-28 | N/A | 7.5 HIGH |
AnyDesk 7.0.8 allows remote Denial of Service. | |||||
CVE-2023-27191 | 1 Dualspace | 1 Super Security | 2024-02-28 | N/A | 7.5 HIGH |
An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. | |||||
CVE-2022-33168 | 1 Ibm | 1 Security Directory Suite Va | 2024-02-28 | N/A | 7.5 HIGH |
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. | |||||
CVE-2022-4008 | 1 Octopus | 1 Octopus Server | 2024-02-28 | N/A | 5.5 MEDIUM |
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | |||||
CVE-2023-28846 | 1 Unpoly | 1 Unpoly-rails | 2024-02-28 | N/A | 7.5 HIGH |
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails. | |||||
CVE-2023-24594 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2024-02-28 | N/A | 5.3 MEDIUM |
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2023-1605 | 1 Radare | 1 Radare2 | 2024-02-28 | N/A | 7.5 HIGH |
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | |||||
CVE-2023-29013 | 1 Traefik | 1 Traefik | 2024-02-28 | N/A | 7.5 HIGH |
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2. | |||||
CVE-2023-1994 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-02-28 | N/A | 6.5 MEDIUM |
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | |||||
CVE-2023-24545 | 1 Arista | 2 Cloudeos, Dca-200-veos | 2024-02-28 | N/A | 7.5 HIGH |
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. | |||||
CVE-2023-33297 | 1 Bitcoin | 1 Bitcoin Core | 2024-02-28 | N/A | 7.5 HIGH |
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. | |||||
CVE-2023-20910 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-1654 | 1 Gpac | 1 Gpac | 2024-02-28 | N/A | 7.8 HIGH |
Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. | |||||
CVE-2023-0121 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 7.5 HIGH |
A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts. | |||||
CVE-2023-26595 | 1 Cybozu | 1 Garoon | 2024-02-28 | N/A | 6.5 MEDIUM |
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | |||||
CVE-2023-28882 | 1 Trustwave | 1 Modsecurity | 2024-02-28 | N/A | 7.5 HIGH |
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. |