Total
3477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6180 | 1 Cloudflare | 1 Boring | 2024-11-21 | 5.3 Medium |
| The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. | ||||
| CVE-2023-5969 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 5.3 Medium |
| Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. | ||||
| CVE-2023-5915 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2024-11-21 | 5.3 Medium |
| A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31. | ||||
| CVE-2023-5876 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 3.1 Low |
| Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | ||||
| CVE-2023-5759 | 1 Perforce | 1 Helix Core | 2024-11-21 | 7.5 High |
| In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. | ||||
| CVE-2023-5595 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. | ||||
| CVE-2023-5522 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. | ||||
| CVE-2023-5333 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | ||||
| CVE-2023-5330 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable. | ||||
| CVE-2023-5196 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 6.5 Medium |
| Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users. | ||||
| CVE-2023-52428 | 2 Connect2id, Redhat | 4 Nimbus Jose\+jwt, Amq Streams, Apache Camel Spring Boot and 1 more | 2024-11-21 | 7.5 High |
| In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. | ||||
| CVE-2023-50966 | 2024-11-21 | 5.3 Medium | ||
| erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header. | ||||
| CVE-2023-50730 | 1 Typelevel | 1 Grackle | 2024-11-21 | 7.5 High |
| Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments would have been accepted for type checking and compilation. The attempted compilation of such fragments would result in a JVM `StackOverflowError` being thrown. Some knowledge of an applications GraphQL schema would be required to construct such a query, however no knowledge of any application-specific performance or other behavioural characteristics would be needed. Grackle uses the cats-parse library for parsing GraphQL queries. Prior to version 0.18.0, Grackle made use of the cats-parse `recursive` operator. However, `recursive` is not currently stack safe. `recursive` was used in three places in the parser: nested selection sets, nested input values (lists and objects), and nested list type declarations. Consequently, queries with deeply nested selection sets, input values or list types could be constructed which exploited this, causing a JVM `StackOverflowException` to be thrown during parsing. Because this happens very early in query processing, no specific knowledge of an applications GraphQL schema would be required to construct such a query. The possibility of small queries resulting in stack overflow is a potential denial of service vulnerability. This potentially affects all applications using Grackle which have untrusted users. Both stack overflow issues have been resolved in the v0.18.0 release of Grackle. As a workaround, users could interpose a sanitizing layer in between untrusted input and Grackle query processing. | ||||
| CVE-2023-50707 | 1 Efacec | 2 Bcu 500, Bcu 500 Firmware | 2024-11-21 | 9.6 Critical |
| Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | ||||
| CVE-2023-50685 | 1 Hipcam | 1 Realserver | 2024-11-21 | 7.5 High |
| An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter. | ||||
| CVE-2023-50249 | 1 Sentry | 1 Astro | 2024-11-21 | 7.5 High |
| Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. | ||||
| CVE-2023-4577 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-11-21 | 6.5 Medium |
| When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | ||||
| CVE-2023-4162 | 1 Brocade | 1 Fabric Operating System | 2024-11-21 | 4.4 Medium |
| A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. | ||||
| CVE-2023-49809 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled. | ||||
| CVE-2023-49800 | 1 Johannschopplich | 1 Nuxt Api Party | 2024-11-21 | 7.5 High |
| `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. | ||||