Total
1413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25179 | 1 Intel | 1 Unite | 2023-11-07 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-22486 | 1 Github | 1 Cmark-gfm | 2023-11-07 | N/A | 7.5 HIGH |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. | |||||
| CVE-2023-23631 | 1 Protocol | 1 Go-unixfsnode | 2023-11-07 | N/A | 7.5 HIGH |
| github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-23625 | 1 Protocol | 1 Go-unixfs | 2023-11-07 | N/A | 7.5 HIGH |
| go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. | |||||
| CVE-2023-23689 | 1 Dell | 16 A200, A2000, A2000 Firmware and 13 more | 2023-11-07 | N/A | 7.5 HIGH |
| Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service. | |||||
| CVE-2023-22664 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-11-07 | N/A | 7.5 HIGH |
| On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-23552 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2023-11-07 | N/A | 7.5 HIGH |
| On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-48063 | 1 Gnu | 1 Binutils | 2023-11-07 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | |||||
| CVE-2022-46645 | 1 Intel | 1 Smart Campus | 2023-11-07 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-41801 | 1 Intel | 1 Connect M | 2023-11-07 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-41333 | 1 Fortinet | 1 Fortirecorder Firmware | 2023-11-07 | N/A | 7.5 HIGH |
| An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. | |||||
| CVE-2022-39346 | 2 Fedoraproject, Nextcloud | 3 Fedora, Nextcloud Enterprise Server, Nextcloud Server | 2023-11-07 | N/A | 6.5 MEDIUM |
| Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | |||||
| CVE-2022-34335 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2023-11-07 | N/A | 6.5 MEDIUM |
| IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705. | |||||
| CVE-2022-20808 | 1 Cisco | 1 Smart Software Manager On-prem | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. | |||||
| CVE-2022-20760 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. | |||||
| CVE-2022-20692 | 1 Cisco | 1 Ios Xe | 2023-11-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to insufficient resource management. An attacker could exploit this vulnerability by initiating a large number of NETCONF over SSH connections. A successful exploit could allow the attacker to exhaust resources, causing the device to reload and resulting in a DoS condition on an affected device. | |||||
| CVE-2022-0671 | 1 Redhat | 1 Vscode-xml | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | |||||
| CVE-2022-0476 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2022-0695 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | |||||
| CVE-2021-46668 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | |||||