Total
2847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49140 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-08-02 | 7.5 High |
| Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | ||||
| CVE-2023-48833 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-08-02 | 7.5 High |
| A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-49143 | 1 Jtekt | 20 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 17 more | 2024-08-02 | 7.5 High |
| Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | ||||
| CVE-2023-48831 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-08-02 | 7.5 High |
| A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-48834 | 1 Phpjabbers | 1 Car Rental Script | 2024-08-02 | 7.5 High |
| A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-48840 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-08-02 | 7.5 High |
| A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-48713 | 1 Knative | 1 Serving | 2024-08-02 | 6.5 Medium |
| Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. | ||||
| CVE-2023-48369 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 4.3 Medium |
| Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. | ||||
| CVE-2023-48268 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 4.3 Medium |
| Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb). | ||||
| CVE-2023-48297 | 1 Discourse | 1 Discourse | 2024-08-02 | 8.6 High |
| Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | ||||
| CVE-2023-47633 | 1 Traefik | 1 Traefik | 2024-08-02 | 7.5 High |
| Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-47235 | 2 Frrouting, Redhat | 3 Frrouting, Enterprise Linux, Rhel Eus | 2024-08-02 | 7.5 High |
| An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | ||||
| CVE-2023-46131 | 1 Grails | 1 Grails | 2024-08-02 | 6.5 Medium |
| Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. | ||||
| CVE-2023-46136 | 2 Palletsprojects, Redhat | 3 Werkzeug, Openshift Ironic, Openstack | 2024-08-02 | 8 High |
| Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1. | ||||
| CVE-2023-46118 | 2 Redhat, Vmware | 2 Openstack, Rabbitmq | 2024-08-02 | 4.9 Medium |
| RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. | ||||
| CVE-2023-46103 | 2024-08-02 | 4.7 Medium | ||
| Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-45847 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 4.3 Medium |
| Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin | ||||
| CVE-2023-45196 | 2 Adminer, Adminerevo | 2 Adminer, Adminerevo | 2024-08-02 | N/A |
| Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4. | ||||
| CVE-2023-45028 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-08-02 | 5.5 Medium |
| An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-44271 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Ansible Automation Platform and 1 more | 2024-08-02 | 7.5 High |
| An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | ||||