Total
2909 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-12122 | 3 Nodejs, Redhat, Suse | 5 Node.js, Rhel Software Collections, Suse Enterprise Storage and 2 more | 2024-12-13 | 7.5 High |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | ||||
CVE-2024-28949 | 1 Mattermost | 1 Mattermost Server | 2024-12-12 | 4.3 Medium |
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service. | ||||
CVE-2022-33168 | 1 Ibm | 1 Security Directory Suite Va | 2024-12-12 | 7.5 High |
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. | ||||
CVE-2024-27874 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2024-12-12 | 7.5 High |
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service. | ||||
CVE-2023-20268 | 1 Cisco | 7 Business 150ax, Business 150ax Firmware, Business 151axm and 4 more | 2024-12-12 | 4.7 Medium |
A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. | ||||
CVE-2024-2829 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 7.5 High |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service. | ||||
CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-12-12 | 4.9 Medium |
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | ||||
CVE-2024-40841 | 1 Apple | 1 Macos | 2024-12-12 | 7.8 High |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination. | ||||
CVE-2023-34166 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. | ||||
CVE-2023-31348 | 1 Amd | 2 Uprof, Uprof Tool | 2024-12-12 | 7.3 High |
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
CVE-2023-2683 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-12-11 | 5.3 Medium |
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error. | ||||
CVE-2024-44160 | 1 Apple | 1 Macos | 2024-12-11 | 7.8 High |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination. | ||||
CVE-2024-44169 | 1 Apple | 8 Ios And Ipados, Ipados, Iphone Os and 5 more | 2024-12-11 | 8.1 High |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination. | ||||
CVE-2024-27862 | 1 Apple | 1 Macos | 2024-12-10 | 5.3 Medium |
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled. | ||||
CVE-2024-23265 | 1 Apple | 8 Ios, Ipad Os, Ipados and 5 more | 2024-12-09 | 9.8 Critical |
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory. | ||||
CVE-2023-4418 | 1 Sick | 7 Lms500, Lms500 Firmware, Lms511 and 4 more | 2024-12-09 | 7.5 High |
A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users. | ||||
CVE-2021-37865 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | ||||
CVE-2022-1337 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | ||||
CVE-2022-1982 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | ||||
CVE-2022-2406 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API. |