Total
2847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31348 | 1 Amd | 1 Uprof Tool | 2024-08-14 | 7.3 High |
| A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2024-7567 | 1 Rockwellautomation | 2 Micro850 Firmware, Micro870 Firmware | 2024-08-14 | N/A |
| A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration. | ||||
| CVE-2024-0760 | 2024-08-13 | 7.5 High | ||
| A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. | ||||
| CVE-2022-4003 | 1 Motorola | 2 Q14, Q14 Firmware | 2024-08-13 | 2.7 Low |
| A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. | ||||
| CVE-2024-27355 | 2024-08-13 | 7.5 High | ||
| An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID). | ||||
| CVE-2023-44321 | 1 Siemens | 142 6ag1206-2bb00-7ac2, 6ag1206-2bb00-7ac2 Firmware, 6ag1206-2bs00-7ac2 and 139 more | 2024-08-13 | 2.7 Low |
| Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again. | ||||
| CVE-2024-30170 | 2 Privx, Ssh | 2 Privx, Privx | 2024-08-12 | 7.5 High |
| PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later, | ||||
| CVE-2024-41991 | 2 Djangoproject, Redhat | 2 Django, Ansible Automation Platform | 2024-08-12 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | ||||
| CVE-2023-45622 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-12 | 7.5 High |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. | ||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-08-12 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | ||||
| CVE-2023-47025 | 1 Free5gc | 1 Free5gc | 2024-08-12 | 5.5 Medium |
| An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | ||||
| CVE-2024-28053 | 2024-08-12 | 3.1 Low | ||
| Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server. | ||||
| CVE-2024-34688 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-09 | 7.5 High |
| Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application. | ||||
| CVE-2024-33001 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-09 | 6.5 Medium |
| SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application. | ||||
| CVE-2024-27088 | 2024-08-09 | 0 Low | ||
| es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63. | ||||
| CVE-2024-41989 | 2 Djangoproject, Redhat | 2 Django, Ansible Automation Platform | 2024-08-08 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | ||||
| CVE-2022-48650 | 2024-08-08 | 4.4 Medium | ||
| In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG") made the __qlt_24xx_handle_abts() function return early if tcm_qla2xxx_find_cmd_by_tag() didn't find a command, but it missed to clean up the allocated memory for the management command. | ||||
| CVE-2001-0666 | 1 Microsoft | 1 Exchange Server | 2024-08-08 | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. | ||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2024-08-08 | 7.5 High |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | ||||
| CVE-2002-0368 | 1 Microsoft | 1 Exchange Server | 2024-08-08 | N/A |
| The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | ||||