Total
334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40122 | 1 Cisco | 1 Meeting Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition. | |||||
| CVE-2020-8619 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-11-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. | |||||
| CVE-2020-3555 | 1 Cisco | 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device. | |||||
| CVE-2020-26070 | 1 Cisco | 12 Asr 9000v, Asr 9001, Asr 9006 and 9 more | 2023-11-07 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality. | |||||
| CVE-2020-0549 | 5 Canonical, Debian, Fedoraproject and 2 more | 858 Ubuntu Linux, Debian Linux, Fedora and 855 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0548 | 1 Intel | 854 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 851 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-19886 | 2 Fedoraproject, Trustwave | 2 Fedora, Modsecurity | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. | |||||
| CVE-2012-2805 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||||
| CVE-2021-1093 | 2 Debian, Nvidia | 2 Debian Linux, Gpu Display Driver | 2023-10-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | |||||
| CVE-2021-1077 | 1 Nvidia | 1 Gpu Display Driver | 2023-10-13 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. | |||||
| CVE-2023-5255 | 1 Puppet | 2 Puppet, Puppet Server | 2023-10-05 | N/A | 7.5 HIGH |
| For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | |||||
| CVE-2023-4882 | 1 Open5gs | 1 Open5gs | 2023-10-05 | N/A | 7.5 HIGH |
| DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash. | |||||
| CVE-2022-3637 | 1 Bluez | 1 Bluez | 2023-09-22 | N/A | 5.5 MEDIUM |
| A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. | |||||
| CVE-2023-20897 | 1 Saltstack | 1 Salt | 2023-09-14 | N/A | 5.3 MEDIUM |
| Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted. | |||||
| CVE-2022-3407 | 1 Motorola | 1 Smartphone Firmware | 2023-09-08 | N/A | 4.3 MEDIUM |
| I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue. | |||||
| CVE-2021-40546 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2023-09-07 | N/A | 4.9 MEDIUM |
| Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. | |||||
| CVE-2019-1708 | 1 Cisco | 10 Adaptive Security Appliance Software, Asa-5506-x, Asa-5525-x and 7 more | 2023-08-15 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. | |||||
| CVE-2019-1705 | 1 Cisco | 9 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 6 more | 2023-08-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. | |||||
| CVE-2019-1706 | 1 Cisco | 9 Adaptive Security Appliance Software, Asa-5506-x, Asa-5506h-x and 6 more | 2023-08-15 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. | |||||
| CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2023-08-08 | 5.8 MEDIUM | 4.8 MEDIUM |
| Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||