Total
1319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4044 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. | ||||
| CVE-2022-4045 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 3.1 Low |
| A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. | ||||
| CVE-2023-47717 | 1 Ibm | 1 Security Guardium | 2024-12-06 | 4.4 Medium |
| IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. | ||||
| CVE-2023-36371 | 1 Monetdb | 1 Monetdb | 2024-12-06 | 7.5 High |
| An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36370 | 1 Monetdb | 1 Monetdb | 2024-12-06 | 7.5 High |
| An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-36369 | 1 Monetdb | 1 Monetdb | 2024-12-06 | 7.5 High |
| An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-34055 | 2 Cyrusimap, Redhat | 2 Cyrus Imap, Enterprise Linux | 2024-12-06 | 6.5 Medium |
| Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. | ||||
| CVE-2023-5625 | 1 Redhat | 9 Enterprise Linux, Openshift, Openshift Container Platform For Arm64 and 6 more | 2024-12-06 | 5.3 Medium |
| A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | ||||
| CVE-2024-48843 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 7.7 High |
| Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-48844 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 7.7 High |
| Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2023-32385 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-05 | 5.5 Medium |
| A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination. | ||||
| CVE-2024-53857 | 1 Rpgp | 1 Rpgp | 2024-12-05 | 7.5 High |
| rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. | ||||
| CVE-2023-21176 | 1 Google | 1 Android | 2024-12-05 | 4.4 Medium |
| In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335 | ||||
| CVE-2024-21174 | 2024-12-03 | 3.1 Low | ||
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2023-49559 | 2024-12-03 | 3.7 Low | ||
| An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. | ||||
| CVE-2024-52805 | 1 Element-hq | 1 Synapse | 2024-12-03 | N/A |
| Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. | ||||
| CVE-2024-37302 | 1 Element-hq | 1 Synapse | 2024-12-03 | 7.5 High |
| Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached. | ||||
| CVE-2024-48530 | 1 Esoft | 1 Planner | 2024-12-03 | 7.5 High |
| An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-31669 | 1 Rizin | 1 Rizin | 2024-12-03 | 7.5 High |
| rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. | ||||
| CVE-2018-0137 | 1 Cisco | 1 Prime Network | 2024-12-02 | N/A |
| A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152. | ||||