Total
2847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22553 | 1 Google | 1 Gerrit | 2024-09-16 | 6.5 Medium |
| Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. | ||||
| CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-09-16 | 7.5 High |
| jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. | ||||
| CVE-2020-14522 | 1 Softing | 1 Opc | 2024-09-16 | 7.5 High |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | ||||
| CVE-2018-0418 | 1 Cisco | 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more | 2024-09-16 | 8.6 High |
| A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. | ||||
| CVE-2019-16022 | 1 Cisco | 28 Asr 9000v, Asr 9001, Asr 9006 and 25 more | 2024-09-16 | 8.6 High |
| Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. | ||||
| CVE-2015-1201 | 1 Privoxy | 1 Privoxy | 2024-09-16 | N/A |
| Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2015-9239 | 1 Ansi2html Project | 1 Ansi2html | 2024-09-16 | 7.5 High |
| ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2020-3505 | 1 Cisco | 16 8000p Ip Camera, 8000p Ip Camera Firmware, 8020 Ip Camera and 13 more | 2024-09-16 | 6.5 Medium |
| A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | ||||
| CVE-2017-16116 | 1 String Project | 1 String | 2024-09-16 | 7.5 High |
| The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. | ||||
| CVE-2020-7743 | 2 Mathjs, Redhat | 2 Mathjs, Ansible Tower | 2024-09-16 | 7.3 High |
| The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | ||||
| CVE-2024-4437 | 1 Redhat | 1 Openstack | 2024-09-16 | 7.5 High |
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | ||||
| CVE-2024-4436 | 1 Redhat | 1 Openstack | 2024-09-16 | 7.5 High |
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | ||||
| CVE-2020-9059 | 2 Schlage, Silabs | 2 Be468, 500 Series Firmware | 2024-09-16 | 6.5 Medium |
| Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. | ||||
| CVE-2020-7767 | 1 Express-validators Project | 1 Express-validators | 2024-09-16 | 5.3 Medium |
| All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. | ||||
| CVE-2016-10540 | 1 Minimatch Project | 1 Minimatch | 2024-09-16 | N/A |
| Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | ||||
| CVE-2018-14044 | 1 Surina | 1 Soundtouch | 2024-09-16 | N/A |
| The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||||
| CVE-2020-1687 | 1 Juniper | 1 Junos | 2024-09-16 | 6.5 Medium |
| On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | ||||
| CVE-2019-8909 | 1 Wtcms Project | 1 Wtcms | 2024-09-16 | N/A |
| An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. | ||||
| CVE-2020-29490 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-09-16 | 7.5 High |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. | ||||
| CVE-2018-5817 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-09-16 | N/A |
| A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | ||||