Total
2015 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21289 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 7.5 HIGH |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||||
| CVE-2025-0704 | 2025-01-24 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2023-21110 | 1 Google | 1 Android | 2025-01-24 | N/A | 7.8 HIGH |
| In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 | |||||
| CVE-2023-20930 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
| In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 | |||||
| CVE-2024-25978 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 7.5 HIGH |
| Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | |||||
| CVE-2025-21330 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-21 | N/A | 7.5 HIGH |
| Windows Remote Desktop Services Denial of Service Vulnerability | |||||
| CVE-2024-24975 | 1 Mattermost | 1 Mattermost Mobile | 2025-01-21 | N/A | 3.5 LOW |
| Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app. | |||||
| CVE-2024-3872 | 1 Mattermost | 1 Mattermost Mobile | 2025-01-21 | N/A | 3.1 LOW |
| Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link. | |||||
| CVE-2024-41946 | 1 Ruby-lang | 1 Rexml | 2025-01-17 | N/A | 5.3 MEDIUM |
| REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability. | |||||
| CVE-2024-39908 | 2025-01-17 | N/A | 4.3 MEDIUM | ||
| REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings. | |||||
| CVE-2025-21389 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-17 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2023-33980 | 1 Briarproject | 1 Briar | 2025-01-16 | N/A | 7.5 HIGH |
| Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. | |||||
| CVE-2023-20883 | 1 Vmware | 1 Spring Boot | 2025-01-16 | N/A | 7.5 HIGH |
| In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | |||||
| CVE-2023-1981 | 3 Avahi, Fedoraproject, Redhat | 3 Avahi, Fedora, Enterprise Linux | 2025-01-15 | N/A | 5.5 MEDIUM |
| A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. | |||||
| CVE-2023-28320 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2025-01-15 | N/A | 5.9 MEDIUM |
| A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | |||||
| CVE-2023-33720 | 1 Mp4v2 Project | 1 Mp4v2 | 2025-01-14 | N/A | 6.5 MEDIUM |
| mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. | |||||
| CVE-2023-30570 | 1 Libreswan | 1 Libreswan | 2025-01-14 | N/A | 7.5 HIGH |
| pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. | |||||
| CVE-2024-49129 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2025-01-14 | N/A | 7.5 HIGH |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | |||||
| CVE-2023-29544 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | N/A | 6.5 MEDIUM |
| If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-0616 | 1 Mozilla | 1 Thunderbird | 2025-01-10 | N/A | 6.5 MEDIUM |
| If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. | |||||