Vulnerabilities (CVE)

Filtered by CWE-400
Total 1928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3872 2024-04-16 N/A 3.1 LOW
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
CVE-2024-1569 2024-04-16 N/A 5.3 MEDIUM
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
CVE-2024-0157 2024-04-15 N/A 5.9 MEDIUM
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
CVE-2023-33026 1 Qualcomm 390 Ar8035, Ar8035 Firmware, Ar9380 and 387 more 2024-04-12 N/A 7.5 HIGH
Transient DOS in WLAN Firmware while parsing a NAN management frame.
CVE-2022-40513 1 Qualcomm 118 Csr8811, Csr8811 Firmware, Ipq5010 and 115 more 2024-04-12 N/A 7.5 HIGH
Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.
CVE-2022-33303 1 Qualcomm 42 Qca6574au, Qca6574au Firmware, Qca6595au and 39 more 2024-04-12 N/A 5.5 MEDIUM
Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.
CVE-2023-6678 2024-04-12 N/A 4.3 MEDIUM
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file.
CVE-2023-6489 2024-04-12 N/A 4.3 MEDIUM
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2, which allows an attacker to spike the GitLab instance's resource usage, resulting in service degradation, via the chat integration feature.
CVE-2024-3569 2024-04-10 N/A 7.5 HIGH
A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.
CVE-2024-26212 2024-04-10 N/A 7.5 HIGH
DHCP Server Service Denial of Service Vulnerability
CVE-2024-26215 2024-04-10 N/A 7.5 HIGH
DHCP Server Service Denial of Service Vulnerability
CVE-2017-6017 1 Schneider-electric 30 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 27 more 2024-04-10 7.8 HIGH 7.5 HIGH
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
CVE-2024-22164 1 Splunk 1 Enterprise Security 2024-04-10 N/A 4.3 MEDIUM
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.
CVE-2023-40594 1 Splunk 2 Splunk, Splunk Cloud Platform 2024-04-10 N/A 7.5 HIGH
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.
CVE-2023-40593 1 Splunk 2 Splunk, Splunk Cloud Platform 2024-04-10 N/A 7.5 HIGH
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.
CVE-2024-30218 2024-04-09 N/A 6.5 MEDIUM
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
CVE-2024-28949 2024-04-05 N/A 4.3 MEDIUM
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.
CVE-2023-35191 2024-04-05 N/A 6.8 MEDIUM
Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.
CVE-2024-31209 2024-04-04 N/A 5.3 MEDIUM
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(s) `3.1.2` & `3.2.0-beta.3`.
CVE-2024-22332 1 Ibm 1 Integration Bus 2024-04-03 N/A 6.5 MEDIUM
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.