Total
1390 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35116 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 5.9 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335. | ||||
| CVE-2024-34046 | 1 O-ran-sc | 1 E2 | 2024-11-21 | 7.5 High |
| The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment(). | ||||
| CVE-2024-33862 | 2024-11-21 | 7.5 High | ||
| A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system. | ||||
| CVE-2024-33495 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment. | ||||
| CVE-2024-32874 | 1 Frigate | 1 Frigate | 2024-11-21 | 6.8 Medium |
| Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`. | ||||
| CVE-2024-32871 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4. | ||||
| CVE-2024-31919 | 1 Ibm | 2 Mq, Mq Appliance | 2024-11-21 | 5.9 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. | ||||
| CVE-2024-31881 | 1 Ibm | 1 Db2 | 2024-11-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | ||||
| CVE-2024-31446 | 2024-11-21 | 7.7 High | ||
| OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device in the mod and can be performed by anyone who can execute Lua code on them. This occurs while using the native Lua library. LuaJ appears to not have this issue. This vulnerability is fixed in 1.8.4. The GregTech: New Horizons modpack uses its own modified version of OpenComputers. They have applied the relevant patch in version 1.10.10-GTNH. | ||||
| CVE-2024-31152 | 2 Level1, Levelone | 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 | 2024-11-21 | 5.3 Medium |
| The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions. | ||||
| CVE-2024-30249 | 2024-11-21 | 8.6 High | ||
| Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library. | ||||
| CVE-2024-28762 | 1 Ibm | 1 Db2 | 2024-11-21 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | ||||
| CVE-2024-28102 | 1 Redhat | 2 Ansible Automation Platform, Enterprise Linux | 2024-11-21 | 6.8 Medium |
| JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. | ||||
| CVE-2024-26577 | 2024-11-21 | 7.5 High | ||
| VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. | ||||
| CVE-2024-25143 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 6.5 Medium |
| The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images. | ||||
| CVE-2024-24752 | 1 Mnapoli | 1 Bref | 2024-11-21 | 6.5 Medium |
| Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.13. | ||||
| CVE-2024-23820 | 1 Openfga | 1 Openfga | 2024-11-21 | 5.3 Medium |
| OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue. | ||||
| CVE-2024-23185 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-11-21 | 7.5 High |
| Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known. | ||||
| CVE-2024-23184 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-11-21 | 5 Medium |
| Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known. | ||||
| CVE-2024-22436 | 2024-11-21 | 6.5 Medium | ||
| A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. | ||||