Total: 3477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49713 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | 7.5 High |
| Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | ||||
| CVE-2023-49143 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | 7.5 High |
| Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | ||||
| CVE-2023-49140 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-11-21 | 7.5 High |
| Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | ||||
| CVE-2023-48840 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | 7.5 High |
| A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-48833 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | 7.5 High |
| A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-48831 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | 7.5 High |
| A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-48713 | 1 Knative | 1 Serving | 2024-11-21 | 6.5 Medium |
| Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. | ||||
| CVE-2023-48369 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 Medium |
| Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. | ||||
| CVE-2023-47025 | 1 Free5gc | 1 Free5gc | 2024-11-21 | 5.5 Medium |
| An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | ||||
| CVE-2023-46737 | 1 Sigstore | 1 Cosign | 2024-11-21 | 3.1 Low |
| Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyverno's case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead of the expected number of attestations. The issue can be mitigated rather simply by setting a limit on the number of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade. | ||||
| CVE-2023-46361 | 1 Artifex | 1 Jbig2dec | 2024-11-21 | 6.5 Medium |
| Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | ||||
| CVE-2023-46278 | 1 Cybozu | 1 Cybozu Remote Service | 2024-11-21 | 6.5 Medium |
| Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication. | ||||
| CVE-2023-46131 | 1 Grails | 1 Grails | 2024-11-21 | 6.5 Medium |
| Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. | ||||
| CVE-2023-46120 | 1 Vmware | 1 Rabbitmq Java Client | 2024-11-21 | 4.9 Medium |
| The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLength` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0. | ||||
| CVE-2023-46103 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | 4.7 Medium |
| Sequence of processor instructions leading to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-45956 | 1 Govee | 2 Led Strip, Led Strip Firmware | 2024-11-21 | 7.5 High |
| An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. | ||||
| CVE-2023-45955 | 1 Nanoleaf | 2 Lightstrip, Lightstrip Firmware | 2024-11-21 | 7.5 High |
| An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. | ||||
| CVE-2023-45810 | 1 Openfga | 1 Openfga | 2024-11-21 | 5.3 Medium |
| OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45622 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-11-21 | 7.5 High |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | ||||
| CVE-2023-45621 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-11-21 | 7.5 High |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | ||||