Total
2017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53647 | 2024-12-31 | N/A | 6.5 MEDIUM | ||
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | |||||
| CVE-2024-13058 | 2024-12-30 | N/A | N/A | ||
| An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. | |||||
| CVE-2024-26190 | 1 Microsoft | 8 .net, Powershell, Visual Studio 2022 and 5 more | 2024-12-27 | N/A | 7.5 HIGH |
| Microsoft QUIC Denial of Service Vulnerability | |||||
| CVE-2024-41123 | 1 Ruby-lang | 1 Rexml | 2024-12-27 | N/A | 5.3 MEDIUM |
| REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities. | |||||
| CVE-2024-3056 | 3 Fedoraproject, Podman Project, Redhat | 4 Fedora, Podman, Enterprise Linux and 1 more | 2024-12-27 | N/A | 7.7 HIGH |
| A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system. | |||||
| CVE-2018-12121 | 2 Nodejs, Redhat | 8 Node.js, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. | |||||
| CVE-2024-0115 | 2 Canonical, Nvidia | 3 Ubuntu Linux, Cv-cuda, Jetpack Software Development Kit | 2024-12-26 | N/A | 6.1 MEDIUM |
| NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss. | |||||
| CVE-2024-32663 | 1 Oisf | 1 Suricata | 2024-12-19 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). | |||||
| CVE-2024-56200 | 2024-12-19 | N/A | 8.6 HIGH | ||
| Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-27600 | 2024-12-19 | N/A | 6.8 MEDIUM | ||
| An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | |||||
| CVE-2024-23835 | 2 Fedoraproject, Oisf | 2 Fedora, Suricata | 2024-12-18 | N/A | 7.5 HIGH |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser. | |||||
| CVE-2024-24750 | 1 Nodejs | 1 Undici | 2024-12-17 | N/A | 6.5 MEDIUM |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body. | |||||
| CVE-2024-0026 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-1953 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 4.3 MEDIUM |
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request. | |||||
| CVE-2024-28053 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 3.1 LOW |
| Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server. | |||||
| CVE-2024-2446 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 4.3 MEDIUM |
| Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages. | |||||
| CVE-2018-12122 | 2 Nodejs, Suse | 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more | 2024-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | |||||
| CVE-2024-11835 | 2024-12-13 | N/A | N/A | ||
| Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | |||||
| CVE-2024-12579 | 2024-12-13 | N/A | 5.3 MEDIUM | ||
| The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages. | |||||
| CVE-2024-28949 | 1 Mattermost | 1 Mattermost Server | 2024-12-12 | N/A | 4.3 MEDIUM |
| Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service. | |||||