Total
3307 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42012 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2025-06-09 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | ||||
| CVE-2022-42011 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2025-06-09 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | ||||
| CVE-2024-39702 | 1 Openresty | 1 Openresty | 2025-06-06 | 5.9 Medium |
| In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected. | ||||
| CVE-2025-41360 | 2025-06-06 | N/A | ||
| Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack. | ||||
| CVE-2025-41361 | 2025-06-06 | N/A | ||
| Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active. | ||||
| CVE-2023-34324 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2025-06-05 | 4.9 Medium |
| Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock). | ||||
| CVE-2024-12601 | 1 Codepeople | 1 Calculated Fields Form | 2025-06-05 | 5.3 Medium |
| The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks. | ||||
| CVE-2023-48951 | 1 Openlinksw | 1 Virtuoso | 2025-06-05 | 8.8 High |
| An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2024-42849 | 1 Silverpeas | 1 Silverpeas | 2025-06-05 | 6.5 Medium |
| An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. | ||||
| CVE-2024-20502 | 1 Cisco | 52 Meraki Mx, Meraki Mx100, Meraki Mx100 Firmware and 49 more | 2025-06-04 | 5.8 Medium |
| A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | ||||
| CVE-2024-20500 | 1 Cisco | 52 Meraki Mx, Meraki Mx100, Meraki Mx100 Firmware and 49 more | 2025-06-04 | 5.8 Medium |
| A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | ||||
| CVE-2025-21174 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-26673 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-27486 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-27485 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-27469 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-26652 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-26641 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-27473 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-27470 | 2025-06-04 | 7.5 High | ||
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | ||||