Total
296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45802 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2024-10-15 | N/A | 5.9 MEDIUM |
| When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | |||||
| CVE-2024-9787 | 2024-10-15 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-38271 | 1 Google | 1 Nearby | 2024-09-24 | N/A | 4.8 MEDIUM |
| There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above | |||||
| CVE-2024-2760 | 2024-09-05 | N/A | 5.5 MEDIUM | ||
| Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. | |||||
| CVE-2024-2180 | 2024-09-05 | N/A | 5.5 MEDIUM | ||
| Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers | |||||
| CVE-2022-33324 | 1 Mitsubishi | 38 Melipc Mi5122-vw, Melipc Mi5122-vw Firmware, Melsec Iq-l L04 Hcpu and 35 more | 2024-09-05 | N/A | 7.5 HIGH |
| Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions "17" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions "05" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions "07" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery. | |||||
| CVE-2024-36856 | 2024-08-22 | N/A | 7.5 HIGH | ||
| RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain sequence of five TCP packets. | |||||
| CVE-2024-7887 | 2024-08-19 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-28327 | 2 Digium, Sangoma | 2 Certified Asterisk, Asterisk | 2024-08-15 | 2.1 LOW | 5.3 MEDIUM |
| A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. | |||||
| CVE-2024-33844 | 1 Parrot | 1 Anafi Firmware | 2024-08-06 | N/A | 7.5 HIGH |
| The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | |||||
| CVE-2017-20186 | 1 Nikooo777 | 1 Cksurf | 2024-08-05 | 2.7 LOW | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The manipulation of the argument cleanName leads to denial of service. Upgrading to version 1.21.0 is able to address this issue. The name of the patch is fd6318d99083a06363091441a0614bd2f21068e6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-238156. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2017-20015 | 1 Weka | 1 Interest Security Scanner | 2024-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20014 | 1 Weka | 1 Interest Security Scanner | 2024-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20013 | 1 Weka | 1 Interest Security Scanner | 2024-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20012 | 1 Weka | 1 Interest Security Scanner | 2024-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20011 | 1 Weka | 1 Interest Security Scanner | 2024-08-05 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2022-3647 | 1 Redis | 1 Redis | 2024-08-03 | 1.8 LOW | 3.3 LOW |
| ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred. | |||||
| CVE-2024-3764 | 2024-08-01 | 3.3 LOW | 2.7 LOW | ||
| ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. | |||||
| CVE-2024-2363 | 2024-08-01 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-31611 | 1 Seacms | 1 Seacms | 2024-08-01 | N/A | 9.1 CRITICAL |
| SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | |||||