Total: 3474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20863 | 2 Redhat, Vmware | 2 Camel Spring Boot, Spring Framework | 2025-02-07 | 6.5 Medium |
| In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
| CVE-2023-29185 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2025-02-07 | 5.3 Medium |
| SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. | ||||
| CVE-2023-28763 | 1 Sap | 1 Netweaver Application Server Abap | 2025-02-07 | 6.5 Medium |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction. | ||||
| CVE-2023-24545 | 1 Arista | 2 Cloudeos, Dca-200-veos | 2025-02-07 | 7.5 High |
| On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. | ||||
| CVE-2022-40946 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2025-02-06 | 7.5 High |
| On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. | ||||
| CVE-2023-28440 | 1 Discourse | 1 Discourse | 2025-02-06 | 2.7 Low |
| Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2021-39295 | 1 Openbmc-project | 1 Openbmc | 2025-02-06 | 7.5 High |
| In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface. | ||||
| CVE-2023-27652 | 1 Egostudiogroup | 1 Super Clean | 2025-02-05 | 5.5 Medium |
| An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. | ||||
| CVE-2022-30691 | 1 Intel | 1 Support | 2025-02-05 | 5.9 Medium |
| Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-21090 | 1 Google | 1 Android | 2025-02-05 | 5 Medium |
| In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-259942609 | ||||
| CVE-2024-27088 | 1 Medikoo | 1 Es5-ext | 2025-02-05 | 0 Low |
| es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63. | ||||
| CVE-2023-30408 | 1 Jerryscript | 1 Jerryscript | 2025-02-05 | 5.5 Medium |
| Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | ||||
| CVE-2023-30406 | 1 Jerryscript | 1 Jerryscript | 2025-02-05 | 5.5 Medium |
| Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | ||||
| CVE-2022-24109 | 1 Opennetworking | 1 Onos | 2025-02-05 | 6.5 Medium |
| An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller. | ||||
| CVE-2022-24035 | 1 Opennetworking | 1 Onos | 2025-02-05 | 7.5 High |
| An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management. | ||||
| CVE-2023-29479 | 2 Redhat, Ribose | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-02-04 | 5.3 Medium |
| Ribose RNP before 0.16.3 may hang when the input is malformed. | ||||
| CVE-2023-30798 | 1 Encode | 1 Starlette | 2025-02-04 | 7.5 High |
| The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | ||||
| CVE-2024-0157 | 1 Dell | 2 Storage Monitoring And Reporting, Storage Resource Manager | 2025-02-04 | 5.9 Medium |
| Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session. | ||||
| CVE-2024-47239 | 1 Dell | 1 Powerscale Onefs | 2025-02-04 | 6.5 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-47554 | 1 Redhat | 1 Amq Streams | 2025-01-31 | 4.3 Medium |
| Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | ||||