Total
2004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22642 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 7.5 HIGH |
| An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. | |||||
| CVE-2022-46399 | 1 Microchip | 28 Bm64, Bm64 Firmware, Bm70 and 25 more | 2025-04-17 | N/A | 7.5 HIGH |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. | |||||
| CVE-2022-46315 | 1 Huawei | 1 Harmonyos | 2025-04-17 | N/A | 7.5 HIGH |
| The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2025-3016 | 1 Assimp | 1 Assimp | 2025-04-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-21614 | 1 Go-git Project | 1 Go-git | 2025-04-17 | N/A | 7.5 HIGH |
| go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | |||||
| CVE-2024-56528 | 1 Snowplow | 1 Stream Collector | 2025-04-15 | N/A | 7.5 HIGH |
| This vulnerability affects Snowplow Collector 3.x before 3.3.0 (unless it’s set up behind a reverse proxy that establishes payload limits). It involves sending very large payloads to the Collector and can render it unresponsive to the rest of the requests. As a result, data would not enter the pipeline and would be potentially lost. | |||||
| CVE-2024-34483 | 1 Facuet | 1 Ryu | 2025-04-15 | N/A | 7.5 HIGH |
| OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0. | |||||
| CVE-2024-57724 | 1 Sammycage | 1 Lunasvg | 2025-04-15 | N/A | 6.5 MEDIUM |
| lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell. | |||||
| CVE-2022-42929 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
| If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. | |||||
| CVE-2022-40899 | 1 Pythoncharmers | 1 Python-future | 2025-04-15 | N/A | 7.5 HIGH |
| An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. | |||||
| CVE-2022-47934 | 1 Brave | 1 Brave | 2025-04-15 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. | |||||
| CVE-2022-47932 | 1 Brave | 1 Brave | 2025-04-15 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. | |||||
| CVE-2022-28229 | 1 Userver | 1 Userver | 2025-04-15 | N/A | 7.5 HIGH |
| The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions. | |||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2025-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2025-27829 | 2025-04-14 | N/A | 7.3 HIGH | ||
| An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing service on the firewall. | |||||
| CVE-2022-3064 | 1 Yaml Project | 1 Yaml | 2025-04-14 | N/A | 7.5 HIGH |
| Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. | |||||
| CVE-2014-7970 | 3 Canonical, Linux, Novell | 3 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Server | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. | |||||
| CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
| The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
| CVE-2014-1500 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. | |||||
| CVE-2016-0747 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | |||||