Total
421 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30256 | 2025-08-20 | N/A | 8.6 HIGH | ||
| A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability. | |||||
| CVE-2024-52303 | 1 Aiohttp | 1 Aiohttp | 2025-08-15 | N/A | 7.5 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch. | |||||
| CVE-2025-36071 | 1 Ibm | 1 Db2 | 2025-08-07 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources. | |||||
| CVE-2025-22891 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2025-08-06 | N/A | 7.5 HIGH |
| When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-32255 | 2025-08-04 | N/A | 5.3 MEDIUM | ||
| A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion. | |||||
| CVE-2024-2398 | 4 Apple, Fedoraproject, Haxx and 1 more | 22 Macos, Fedora, Curl and 19 more | 2025-07-30 | N/A | 8.6 HIGH |
| When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. | |||||
| CVE-2018-1000215 | 1 Davegamble | 1 Cjson | 2025-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. | |||||
| CVE-2018-7727 | 2 Gdraheim, Redhat | 4 Zziplib, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2025-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. | |||||
| CVE-2018-16548 | 1 Gdraheim | 1 Zziplib | 2025-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. | |||||
| CVE-2025-44003 | 2025-07-10 | N/A | 4.3 MEDIUM | ||
| Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in vEL9.00.3371 (MR7)), all versions of 8.90 and prior. | |||||
| CVE-2025-0036 | 2025-06-12 | N/A | 3.2 LOW | ||
| In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data. | |||||
| CVE-2024-28882 | 1 Openvpn | 1 Openvpn | 2025-06-10 | N/A | 4.3 MEDIUM |
| OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session | |||||
| CVE-2025-3864 | 2025-05-28 | N/A | N/A | ||
| Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release. | |||||
| CVE-2022-32149 | 1 Golang | 1 Text | 2025-05-15 | N/A | 7.5 HIGH |
| An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | |||||
| CVE-2018-20622 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2025-05-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | |||||
| CVE-2019-3821 | 2 Canonical, Ceph | 2 Ubuntu Linux, Civetweb | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. | |||||
| CVE-2022-45887 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-25 | N/A | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | |||||
| CVE-2017-8354 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-15225 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | |||||
| CVE-2017-8346 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||