Total
2142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-20001 | 1 Starwindsoftware | 1 Iscsi San | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20. | |||||
| CVE-2024-9409 | 1 Schneider-electric | 6 Powerlogic Pm5320, Powerlogic Pm5320 Firmware, Powerlogic Pm5340 and 3 more | 2024-11-19 | N/A | 7.5 HIGH |
| CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | |||||
| CVE-2023-20125 | 2024-11-18 | N/A | 8.6 HIGH | ||
| A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable. Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-52520 | 2024-11-18 | N/A | 5.7 MEDIUM | ||
| Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7. | |||||
| CVE-2024-47535 | 2024-11-13 | N/A | 5.5 MEDIUM | ||
| Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. | |||||
| CVE-2024-48989 | 2024-11-13 | N/A | 7.5 HIGH | ||
| A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | |||||
| CVE-2024-6762 | 1 Eclipse | 1 Jetty | 2024-11-08 | N/A | 6.5 MEDIUM |
| Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. | |||||
| CVE-2024-8184 | 1 Eclipse | 1 Jetty | 2024-11-08 | N/A | 6.5 MEDIUM |
| There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. | |||||
| CVE-2024-10599 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-21536 | 1 Chimurai | 1 Http-proxy-middleware | 2024-11-01 | N/A | 7.5 HIGH |
| Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. | |||||
| CVE-2024-50354 | 2024-11-01 | N/A | 5.5 MEDIUM | ||
| gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory. | |||||
| CVE-2024-20526 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-10-31 | N/A | 5.3 MEDIUM |
| A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM). | |||||
| CVE-2024-38149 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-22 | N/A | 7.5 HIGH |
| BranchCache Denial of Service Vulnerability | |||||
| CVE-2024-43789 | 1 Discourse | 1 Discourse | 2024-10-19 | N/A | 4.3 MEDIUM |
| Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-43506 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.5 HIGH |
| BranchCache Denial of Service Vulnerability | |||||
| CVE-2024-43515 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.5 HIGH |
| Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | |||||
| CVE-2024-43545 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | |||||
| CVE-2024-43541 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | |||||
| CVE-2024-43544 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | |||||
| CVE-2024-45736 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-16 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). | |||||