Total: 1574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-52425 | 1 Libexpat Project | 1 Libexpat | 2024-08-26 | N/A | 7.5 HIGH |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | |||||
CVE-2024-25452 | 1 Axiosys | 1 Bento4 | 2024-08-26 | N/A | 5.5 MEDIUM |
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | |||||
CVE-2024-4210 | 1 Gitlab | 1 Gitlab | 2024-08-23 | N/A | 6.5 MEDIUM |
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files. | |||||
CVE-2024-43105 | | | 2024-08-23 | N/A | 4.3 MEDIUM |
Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resources by running the /export command multiple times at once. | |||||
CVE-2024-39810 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 4.9 MEDIUM |
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash. | |||||
CVE-2024-33655 | | | 2024-08-22 | N/A | 7.5 HIGH |
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. | |||||
CVE-2024-22588 | | | 2024-08-22 | N/A | 6.5 MEDIUM |
Kwik commit 745fd4e2 does not discard unused encryption keys. | |||||
CVE-2023-46442 | | | 2024-08-22 | N/A | 4.3 MEDIUM |
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS). | |||||
CVE-2024-45163 | | | 2024-08-22 | N/A | 9.1 CRITICAL |
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data. | |||||
CVE-2024-45166 | | | 2024-08-22 | N/A | 9.8 CRITICAL |
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins. | |||||
CVE-2024-42950 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-21 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2024-5013 | 1 Progress | 1 Whatsup Gold | 2024-08-21 | N/A | 7.5 HIGH |
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | |||||
CVE-2024-43380 | 1 Floraison | 1 Fugit | 2024-08-21 | N/A | 7.5 HIGH |
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1. | |||||
CVE-2024-33774 | | | 2024-08-20 | N/A | 6.5 MEDIUM |
A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage". | |||||
CVE-2023-30311 | | | 2024-08-20 | N/A | 7.5 HIGH |
An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
CVE-2024-41727 | 1 F5 | 23 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 20 more | 2024-08-20 | N/A | 7.5 HIGH |
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2024-32269 | | | 2024-08-20 | N/A | 7.5 HIGH |
An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet. | |||||
CVE-2024-23443 | 1 Elastic | 1 Kibana | 2024-08-19 | N/A | 4.9 MEDIUM |
A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack. | |||||
CVE-2024-4781 | | | 2024-08-19 | N/A | 6.5 MEDIUM |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. | |||||
CVE-2024-6004 | | | 2024-08-19 | N/A | 6.5 MEDIUM |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. |