Total
1107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6826 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file. | ||||
| CVE-2024-4539 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service. | ||||
| CVE-2024-28949 | 1 Mattermost | 1 Mattermost Server | 2024-12-12 | 4.3 Medium |
| Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service. | ||||
| CVE-2022-48498 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-2454 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request. | ||||
| CVE-2024-9367 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | ||||
| CVE-2024-27804 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-12 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-34166 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. | ||||
| CVE-2023-34455 | 2 Redhat, Xerial | 7 Amq Broker, Amq Streams, Camel K and 4 more | 2024-12-11 | 7.5 High |
| snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn’t possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn’t test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue. | ||||
| CVE-2024-2818 | 1 Gitlab | 1 Gitlab | 2024-12-11 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels. | ||||
| CVE-2024-47967 | 2024-12-11 | 4.4 Medium | ||
| Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-36462 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 7.5 High |
| Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system. | ||||
| CVE-2020-28400 | 2 Seimens, Siemens | 188 Scalance M812-1 Adsl-router Annex A, Scalance M812-1 Adsl-router Annex B, Development Evaluation Kits For Profinet Io Dk Standard Ethernet Controller and 185 more | 2024-12-10 | 7.5 High |
| Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. | ||||
| CVE-2022-1337 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.3 Medium |
| The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | ||||
| CVE-2022-1333 | 1 Mattermost | 1 Playbooks | 2024-12-06 | 3.5 Low |
| Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. | ||||
| CVE-2022-2406 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API. | ||||
| CVE-2022-3147 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 3.1 Low |
| Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. | ||||
| CVE-2022-4019 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. | ||||
| CVE-2022-4044 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages. | ||||
| CVE-2022-4045 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 3.1 Low |
| A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. | ||||