Total
334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0984 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192475653 | |||||
| CVE-2022-3318 | 1 Google | 2 Chrome, Chrome Os | 2023-08-08 | N/A | 4.3 MEDIUM |
| Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low) | |||||
| CVE-2022-1210 | 2 Libtiff, Netapp | 2 Libtiff, Ontap Select Deploy Administration Utility | 2023-07-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-12049 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Dbus | 2023-06-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | |||||
| CVE-2023-29726 | 1 Applika | 1 Call Blocker | 2023-06-07 | N/A | 7.5 HIGH |
| The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service. | |||||
| CVE-2022-3553 | 1 X.org | 1 X Server | 2023-05-30 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. | |||||
| CVE-2022-35191 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2023-04-26 | N/A | 6.5 MEDIUM |
| D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. | |||||
| CVE-2021-46322 | 1 Duktape Project | 1 Duktape | 2023-04-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. | |||||
| CVE-2022-1289 | 1 Tildearrow | 1 Furnace | 2023-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. | |||||
| CVE-2019-5603 | 1 Freebsd | 1 Freebsd | 2023-03-01 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. | |||||
| CVE-2022-25762 | 2 Apache, Oracle | 2 Tomcat, Agile Plm | 2023-02-23 | 7.5 HIGH | 8.6 HIGH |
| If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. | |||||
| CVE-2023-0412 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-02-14 | N/A | 7.1 HIGH |
| TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | |||||
| CVE-2020-14307 | 1 Redhat | 5 Amq, Jboss Enterprise Application Platform Continuous Delivery, Jboss Fuse and 2 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. | |||||
| CVE-2017-7472 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. | |||||
| CVE-2023-0417 | 1 Wireshark | 1 Wireshark | 2023-02-09 | N/A | 6.5 MEDIUM |
| Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | |||||
| CVE-2023-0415 | 1 Wireshark | 1 Wireshark | 2023-02-09 | N/A | 6.5 MEDIUM |
| iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | |||||
| CVE-2023-0413 | 1 Wireshark | 1 Wireshark | 2023-02-09 | N/A | 6.5 MEDIUM |
| Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | |||||
| CVE-2023-24444 | 1 Jenkins | 1 Openid | 2023-02-02 | N/A | 9.8 CRITICAL |
| Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-0414 | 1 Wireshark | 1 Wireshark | 2023-02-01 | N/A | 6.5 MEDIUM |
| Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2023-0416 | 1 Wireshark | 1 Wireshark | 2023-02-01 | N/A | 6.5 MEDIUM |
| GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | |||||