Total: 2848 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-1737 | 1 Redhat | 7 Enterprise Linux, Openshift, Rhel Aus and 4 more | 2024-08-01 | 7.5 High | Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. |
CVE-2024-1569 | | | 2024-08-01 | N/A | parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software. |
CVE-2024-1410 | | | 2024-08-01 | 3.7 Low | Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection identifiers (IDs); see RFC 9000 Section 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. It does so by retiring old IDs: the endpoint sends a NEW_CONNECTION_ID frame whose retire_prior_to field is set, which elicits a RETIRE_CONNECTION_ID frame as confirmation for each retired ID. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions. |
CVE-2024-1402 | 1 Mattermost | 1 Mattermost Server | 2024-08-01 | 4.3 Medium | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrieve the aforementioned post. |
CVE-2024-1309 | | | 2024-08-01 | 6.5 Medium | Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. |
CVE-2024-1163 | | | 2024-08-01 | N/A | Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44. |
CVE-2024-1014 | 1 Se-elektronicgmbh | 2 E-ddc3.3, E-ddc3.3 Firmware | 2024-08-01 | 6.2 Medium | Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets. |
CVE-2024-0752 | 1 Mozilla | 1 Firefox | 2024-08-01 | 6.5 Medium | A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. |
CVE-2024-0581 | 1 Sandsprite | 1 Scdbg | 2024-08-01 | 4 Medium | An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan. |
CVE-2024-0348 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-08-01 | 4.3 Medium | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116. |
CVE-2024-0240 | | | 2024-08-01 | 6.5 Medium | A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, causing all Bluetooth operations, such as advertising and scanning, to stop. |
CVE-2024-0241 | 1 Diaconou | 1 Encodedid\ | 2024-08-01 | 7.5 High | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter. |
CVE-2024-0157 | | | 2024-08-01 | 5.9 Medium | Dell Storage Resource Manager, 4.9.0.0 and below, contains a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session. |
CVE-2024-0026 | | | 2024-08-01 | 4.7 Medium | In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
CVE-2024-26639 | | | 2024-06-20 | 5.5 Medium | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
CVE-2021-47575 | | | 2024-06-20 | 5.5 Medium | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
CVE-2021-47574 | | | 2024-06-20 | 5.5 Medium | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
CVE-2021-47573 | | | 2024-06-20 | 5.5 Medium | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
CVE-2022-40433 | 1 Redhat | 6 Enterprise Linux, Openjdk, Rhel Aus and 3 more | 2024-02-17 | 4.9 Medium | ** REJECT ** This CVE ID has been rejected by its CNA as it was not a security issue. |
CVE-2021-3487 | 1 Redhat | 1 Enterprise Linux | 2023-11-20 | 0.0 Low | Non-security issue. See the binutils security policy for more details: https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt |
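The connection-ID retirement mechanism behind CVE-2024-1410 above, modelled as an added Rust example. This is not quiche's code and does not reproduce the change shipped in 0.19.2/0.20.1; it is a small receiver-side tracker that enforces the two RFC 9000 checks (retire_prior_to must not exceed sequence_number, and the active set must stay within active_connection_id_limit) and then contrasts an unbounded pending-retirement queue with a capped one. The `max_pending` cap, the `simulate` driver and the budget value standing in for the congestion window are assumptions introduced for the illustration; RFC 9000 itself only mandates the active-ID limit.

```rust
use std::collections::{BTreeSet, VecDeque};

/// Errors modelled on the RFC 9000 transport error codes relevant here.
#[derive(Debug, PartialEq, Eq)]
pub enum CidError {
    /// retire_prior_to > sequence_number (RFC 9000 section 19.15).
    FrameEncoding,
    /// Peer exceeded our active_connection_id_limit (RFC 9000 section 5.1.1).
    ConnectionIdLimit,
    /// Assumed mitigation, not RFC text: too many RETIRE_CONNECTION_ID frames still owed.
    RetireQueueOverflow,
}

/// Receiver-side view of the peer's connection IDs, keyed by sequence number.
pub struct CidTracker {
    /// Our advertised active_connection_id_limit.
    limit: usize,
    /// Sequence numbers of the peer's CIDs we currently hold.
    active: BTreeSet<u64>,
    /// Highest retire_prior_to value seen so far.
    retire_prior_to: u64,
    /// Sequence numbers still owed a RETIRE_CONNECTION_ID frame.
    pending_retire: VecDeque<u64>,
    /// None = unbounded queue (the vulnerable shape); Some(n) = capped at n entries.
    max_pending: Option<usize>,
}

impl CidTracker {
    pub fn new(limit: usize, max_pending: Option<usize>) -> Self {
        let mut active = BTreeSet::new();
        active.insert(0); // sequence 0 is the CID established during the handshake
        CidTracker { limit, active, retire_prior_to: 0, pending_retire: VecDeque::new(), max_pending }
    }

    /// Handle one NEW_CONNECTION_ID frame carrying (sequence_number, retire_prior_to).
    pub fn on_new_connection_id(&mut self, seq: u64, retire_prior_to: u64) -> Result<(), CidError> {
        if retire_prior_to > seq {
            return Err(CidError::FrameEncoding);
        }
        if retire_prior_to > self.retire_prior_to {
            self.retire_prior_to = retire_prior_to;
            // Every active CID below the new threshold is retired and owes a RETIRE_CONNECTION_ID.
            let retired: Vec<u64> = self.active.range(..retire_prior_to).copied().collect();
            for s in retired {
                self.active.remove(&s);
                self.pending_retire.push_back(s);
            }
        }
        if seq < self.retire_prior_to {
            // Arrived below an already-seen threshold: retire it immediately (duplicates not deduplicated here).
            self.pending_retire.push_back(seq);
        } else if self.active.insert(seq) && self.active.len() > self.limit {
            return Err(CidError::ConnectionIdLimit);
        }
        if let Some(cap) = self.max_pending {
            if self.pending_retire.len() > cap {
                return Err(CidError::RetireQueueOverflow);
            }
        }
        Ok(())
    }

    /// Emit up to `budget` RETIRE_CONNECTION_ID frames; `budget` models what the congestion window allows.
    pub fn send_retirements(&mut self, budget: usize) -> Vec<u64> {
        let mut sent = Vec::new();
        while sent.len() < budget {
            match self.pending_retire.pop_front() {
                Some(s) => sent.push(s),
                None => break,
            }
        }
        sent
    }

    pub fn pending_len(&self) -> usize {
        self.pending_retire.len()
    }
}

/// Attacker loop: each round the peer sends `frames_per_round` NEW_CONNECTION_ID frames with
/// retire_prior_to == sequence_number (so the active set stays at one CID and the limit is never
/// tripped), while we can only afford `send_budget` RETIRE_CONNECTION_ID frames back per round.
/// Returns the peak length of the pending-retirement queue, or the error that closed the connection.
pub fn simulate(rounds: usize, frames_per_round: usize, send_budget: usize, max_pending: Option<usize>) -> Result<usize, CidError> {
    let mut t = CidTracker::new(2, max_pending);
    let mut seq = 1u64;
    let mut peak: usize = 0;
    for _ in 0..rounds {
        for _ in 0..frames_per_round {
            t.on_new_connection_id(seq, seq)?;
            seq += 1;
        }
        peak = peak.max(t.pending_len());
        t.send_retirements(send_budget);
    }
    Ok(peak)
}

fn main() {
    println!("unbounded queue, 100 rounds: {:?}", simulate(100, 10, 1, None));
    println!("capped at 64 entries:        {:?}", simulate(100, 10, 1, Some(64)));
    println!("well-behaved peer:           {:?}", simulate(100, 1, 1, Some(64)));
}
```

With the unbounded queue the peak grows linearly with the number of rounds (the peer sends ten frames per round and only one retirement is drained), which is the memory-growth pattern the advisory describes; with the cap the connection is closed as soon as the backlog exceeds it, while a peer that retires at the rate we can acknowledge never gets near the cap.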