Total
1107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8391 | 3 Eclipse, Eclipse Foundation, Redhat | 5 Vert.x, Vert.x, Camel Quarkus and 2 more | 2024-09-12 | 7.5 High |
| In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) | ||||
| CVE-2024-41175 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | 5.5 Medium |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. | ||||
| CVE-2024-21658 | 1 Discourse | 1 Discourse Calendar | 2024-09-05 | 4.3 Medium |
| discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible. | ||||
| CVE-2024-43410 | 1 Russh Project | 1 Russh | 2024-08-21 | 7.5 High |
| Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. | ||||
| CVE-2024-41727 | 1 F5 | 23 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 20 more | 2024-08-20 | 7.5 High |
| In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-6098 | 2024-08-19 | 5.3 Medium | ||
| When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages. | ||||
| CVE-2024-7113 | 2024-08-15 | N/A | ||
| If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack. | ||||