Total
3476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34109 | 1 Zxcvbn-ts Project | 1 Zxcvbn-ts | 2025-01-06 | 6.5 Medium |
| zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function. | ||||
| CVE-2023-29767 | 1 Appcrossx | 1 Crossx | 2025-01-06 | 5.5 Medium |
| An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files. | ||||
| CVE-2023-35053 | 1 Jetbrains | 1 Youtrack | 2025-01-03 | 7.5 High |
| In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms | ||||
| CVE-2024-1014 | 1 Se-elektronic | 2 E-ddc3.3, E-ddc3.3 Firmware | 2025-01-03 | 6.2 Medium |
| Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets. | ||||
| CVE-2024-39895 | 1 Monospace | 1 Directus | 2025-01-03 | 6.5 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. Request to the endpoint /graphql are sent when visualizing graphs generated at a dashboard. By modifying the data sent and duplicating many times the fields a DoS attack is possible. This vulnerability is fixed in 10.12.0. | ||||
| CVE-2023-34623 | 1 Jtidy Project | 1 Jtidy | 2025-01-03 | 7.5 High |
| An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||||
| CVE-2024-49767 | 2 Palletsprojects, Redhat | 3 Quart, Werkzeug, Openshift Ai | 2025-01-03 | 7.5 High |
| Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. | ||||
| CVE-2022-26832 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2025-01-02 | 7.5 High |
| .NET Framework Denial of Service Vulnerability | ||||
| CVE-2023-38178 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2025-01-01 | 7.5 High |
| .NET Core and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2023-35298 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2025-01-01 | 7.5 High |
| HTTP.sys Denial of Service Vulnerability | ||||
| CVE-2023-35339 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2025-01-01 | 7.5 High |
| Windows CryptoAPI Denial of Service Vulnerability | ||||
| CVE-2023-35329 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-01-01 | 6.5 Medium |
| Windows Authentication Denial of Service Vulnerability | ||||
| CVE-2023-33141 | 1 Microsoft | 1 Yet Another Reverse Proxy | 2025-01-01 | 7.5 High |
| Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | ||||
| CVE-2023-32013 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-01-01 | 5.3 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2023-24862 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 5.5 Medium |
| Windows Secure Channel Denial of Service Vulnerability | ||||
| CVE-2023-23411 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-01-01 | 6.5 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2023-21728 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 7.5 High |
| Windows Netlogon Denial of Service Vulnerability | ||||
| CVE-2023-21557 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 7.5 High |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | ||||
| CVE-2023-21543 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 8.1 High |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | ||||
| CVE-2023-21547 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | 7.5 High |
| Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | ||||