Total
2847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31028 | 1 Minio | 1 Minio | 2024-08-03 | 7.5 High |
| MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. | ||||
| CVE-2022-30858 | 1 Miniupnp Project | 1 Ngiflib | 2024-08-03 | 6.5 Medium |
| An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0 | ||||
| CVE-2022-30691 | 1 Intel | 1 Support | 2024-08-03 | 5.9 Medium |
| Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-30551 | 1 Opcfoundation | 1 Ua-java | 2024-08-03 | 7.5 High |
| OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | ||||
| CVE-2022-30122 | 3 Debian, Rack Project, Redhat | 5 Debian Linux, Rack, Satellite and 2 more | 2024-08-03 | 7.5 High |
| A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. | ||||
| CVE-2022-29885 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Hospitality Cruise Shipboard Property Management System | 2024-08-03 | 7.5 High |
| The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. | ||||
| CVE-2022-29866 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-08-03 | 7.5 High |
| OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | ||||
| CVE-2022-29864 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-08-03 | 7.5 High |
| OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | ||||
| CVE-2022-29243 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-03 | 4.3 Medium |
| Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available. | ||||
| CVE-2022-29225 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-08-03 | 7.5 High |
| Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. | ||||
| CVE-2022-29202 | 1 Google | 1 Tensorflow | 2024-08-03 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | ||||
| CVE-2022-29167 | 1 Mozilla | 1 Hawk | 2024-08-03 | 7.4 High |
| Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. | ||||
| CVE-2022-29177 | 1 Ethereum | 1 Go Ethereum | 2024-08-03 | 5.9 Medium |
| Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack. | ||||
| CVE-2022-28657 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-08-03 | 7.8 High |
| Apport does not disable python crash handler before entering chroot | ||||
| CVE-2022-28191 | 1 Nvidia | 1 Virtual Gpu | 2024-08-03 | 5.5 Medium |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service. | ||||
| CVE-2022-27937 | 1 Pexip | 1 Pexip Infinity | 2024-08-03 | 7.5 High |
| Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. | ||||
| CVE-2022-27943 | 2 Fedoraproject, Gnu | 2 Fedora, Gcc | 2024-08-03 | 5.5 Medium |
| libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | ||||
| CVE-2022-27781 | 5 Debian, Haxx, Netapp and 2 more | 17 Debian Linux, Curl, Clustered Data Ontap and 14 more | 2024-08-03 | 7.5 High |
| libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. | ||||
| CVE-2022-27664 | 3 Fedoraproject, Golang, Redhat | 19 Fedora, Go, Acm and 16 more | 2024-08-03 | 7.5 High |
| In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | ||||
| CVE-2022-27640 | 1 Siemens | 4 Simatic Cp 442-1 Rna, Simatic Cp 442-1 Rna Firmware, Simatic Cp 443-1 Rna and 1 more | 2024-08-03 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot. | ||||