Total
1928 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more | 2023-06-30 | 4.0 MEDIUM | 6.5 MEDIUM |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||||
CVE-2021-28510 | 1 Arista | 77 7020r, 7050cx3-32s, 7050cx3m-32s and 74 more | 2023-06-30 | N/A | 7.5 HIGH |
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. | |||||
CVE-2023-21176 | 1 Google | 1 Android | 2023-06-30 | N/A | 4.4 MEDIUM |
In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-222287335 | |||||
CVE-2022-24741 | 1 Nextcloud | 1 Nextcloud Server | 2023-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
Nextcloud server is an open source, self-hosted cloud-style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag. | |||||
CVE-2022-2406 | 1 Mattermost | 1 Mattermost | 2023-06-30 | 4.0 MEDIUM | 6.5 MEDIUM |
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API. | |||||
CVE-2023-2990 | 1 Globalscape | 1 Eft Server | 2023-06-30 | N/A | 7.5 HIGH |
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service. | |||||
CVE-2023-3398 | 1 Diagrams | 1 Drawio | 2023-06-30 | N/A | 7.5 HIGH |
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | |||||
CVE-2022-2962 | 1 Qemu | 1 Qemu | 2023-06-28 | N/A | 7.8 HIGH |
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | |||||
CVE-2023-2785 | 1 Mattermost | 1 Mattermost | 2023-06-28 | N/A | 4.3 MEDIUM |
Mattermost fails to properly truncate the Postgres error log message of a search query failure, allowing an attacker to cause the creation of large log files, which can result in Denial of Service. | |||||
CVE-2022-23524 | 1 Helm | 1 Helm | 2023-06-27 | N/A | 7.5 HIGH |
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can be subject to a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate that strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions. | |||||
CVE-2023-34166 | 1 Huawei | 1 Emui | 2023-06-27 | N/A | 7.5 HIGH |
Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart. | |||||
CVE-2022-23591 | 1 Google | 1 Tensorflow | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
CVE-2023-2793 | 1 Mattermost | 1 Mattermost | 2023-06-26 | N/A | 6.5 MEDIUM |
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial of service by linking to a specially crafted webpage in a message. | |||||
CVE-2023-2831 | 1 Mattermost | 1 Mattermost | 2023-06-26 | N/A | 6.5 MEDIUM |
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. | |||||
CVE-2023-2778 | 1 Rockwellautomation | 1 Factorytalk Transaction Manager | 2023-06-26 | N/A | 7.5 HIGH |
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. | |||||
CVE-2022-44566 | 1 Activerecord Project | 1 Activerecord | 2023-06-23 | N/A | 7.5 HIGH |
A denial of service vulnerability is present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan, resulting in potential Denial of Service. | |||||
CVE-2022-33168 | 1 Ibm | 1 Security Directory Suite Va | 2023-06-21 | N/A | 7.5 HIGH |
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. | |||||
CVE-2019-10952 | 1 Rockwellautomation | 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more | 2023-06-20 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | |||||
CVE-2023-32114 | 1 Sap | 1 Netweaver | 2023-06-16 | N/A | 2.7 LOW |
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with the intent to slow down the server or make it unavailable, which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application. | |||||
CVE-2023-35053 | 1 Jetbrains | 1 Youtrack | 2023-06-16 | N/A | 7.5 HIGH |
In JetBrains YouTrack before 2023.1.10518, a DoS attack was possible via Helpdesk forms. |