Total
3389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33202 | 2 Bouncycastle, Redhat | 3 Bouncy Castle For Java, Fips Java Api, Amq Streams | 2025-08-18 | 5.5 Medium |
| Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) | ||||
| CVE-2025-53722 | 1 Microsoft | 20 Server, Windows, Windows 10 1507 and 17 more | 2025-08-18 | 7.5 High |
| Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2023-39328 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2025-08-18 | 5.5 Medium |
| A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. | ||||
| CVE-2025-50861 | 2 Google, Lotuscars | 2 Android, Android App | 2025-08-16 | 6.5 Medium |
| The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse. | ||||
| CVE-2025-50615 | 1 Netis-systems | 2 Wf2880, Wf2880 Firmware | 2025-08-15 | 7.5 High |
| A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack. | ||||
| CVE-2025-55197 | 1 Pypdf Project | 1 Pypdf | 2025-08-15 | 7.5 High |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file. | ||||
| CVE-2025-40766 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-08-15 | 5.5 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. | ||||
| CVE-2021-27923 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2021-27922 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2021-27921 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2023-38264 | 2 Ibm, Redhat | 3 Java Software Development Kit, Enterprise Linux, Rhel Extras | 2025-08-14 | 5.9 Medium |
| The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | ||||
| CVE-2024-6162 | 1 Redhat | 11 Apache Camel Hawtio, Apache Camel Spring Boot, Build Keycloak and 8 more | 2025-08-14 | 7.5 High |
| A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up. | ||||
| CVE-2024-1635 | 2 Netapp, Redhat | 26 Active Iq Unified Manager, Oncommand Workflow Automation, Amq Streams and 23 more | 2025-08-14 | 7.5 High |
| A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak. | ||||
| CVE-2023-5685 | 1 Redhat | 12 Apache-camel-spring-boot, Apache Camel Hawtio, Build Keycloak and 9 more | 2025-08-14 | 7.5 High |
| A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). | ||||
| CVE-2023-27321 | 1 Opcfoundation | 1 Ua-.netstandard | 2025-08-14 | N/A |
| OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505. | ||||
| CVE-2025-27576 | 1 Intel | 1 Edge Orchestrator Software | 2025-08-13 | 2.9 Low |
| Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-27250 | 1 Intel | 1 Edge Orchestrator Software | 2025-08-13 | 3.5 Low |
| Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-26472 | 1 Intel | 1 Edge Orchestrator Software | 2025-08-13 | 5.7 Medium |
| Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-26697 | 2 Intel, Linux | 2 Ethernet 700 Series Software, Linux Kernel | 2025-08-13 | 3.3 Low |
| Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. | ||||
| CVE-2025-26863 | 2 Intel, Linux | 2 Ethernet 700 Series Software, Linux Kernel | 2025-08-13 | 3.8 Low |
| Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. | ||||