Total
882 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28871 | 3 Apple, F-secure, Microsoft | 4 Mac Os X, Macos, Atlant and 1 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-28656 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| is_closing_session() allows users to consume RAM in the Apport process | |||||
| CVE-2022-28655 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | N/A | 7.1 HIGH |
| is_closing_session() allows users to create arbitrary tcp dbus connections | |||||
| CVE-2022-28654 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| is_closing_session() allows users to fill up apport.log | |||||
| CVE-2022-27871 | 1 Autodesk | 14 3ds Max, Advance Steel, Autocad and 11 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. | |||||
| CVE-2022-27819 | 1 Waycrate | 1 Swhkd | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
| SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). | |||||
| CVE-2022-26336 | 2 Apache, Netapp | 2 Poi, Active Iq Unified Manager | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. | |||||
| CVE-2022-25897 | 1 Eclipse | 1 Milo | 2024-11-21 | N/A | 5.9 MEDIUM |
| The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | |||||
| CVE-2022-25888 | 1 Opcua Project | 1 Opcua | 2024-11-21 | N/A | 7.5 HIGH |
| The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||
| CVE-2022-25761 | 2 Fedoraproject, Open62541 | 2 Fedora, Open62541 | 2024-11-21 | N/A | 7.5 HIGH |
| The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||
| CVE-2022-25304 | 2 Asyncua Project, Opcua Project | 2 Asyncua, Opcua | 2024-11-21 | N/A | 7.5 HIGH |
| All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||
| CVE-2022-25231 | 1 Node-opcua Project | 1 Node-opcua | 2024-11-21 | N/A | 7.5 HIGH |
| The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit. | |||||
| CVE-2022-25169 | 2 Apache, Oracle | 2 Tika, Primavera Unifier | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | |||||
| CVE-2022-24741 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag. | |||||
| CVE-2022-24685 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6. | |||||
| CVE-2022-24614 | 1 Metadata-extractor Project | 1 Metadata-extractor | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library. | |||||
| CVE-2022-24381 | 1 Asneg | 1 Opc Ua Stack | 2024-11-21 | N/A | 7.5 HIGH |
| All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||
| CVE-2022-24298 | 1 Freeopcua Project | 1 Freeopcua | 2024-11-21 | N/A | 7.5 HIGH |
| All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | |||||
| CVE-2022-24196 | 1 Itextpdf | 1 Itext | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2022-23913 | 2 Apache, Netapp | 3 Activemq Artemis, Active Iq Unified Manager, Oncommand Workflow Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | |||||