Total: 1413 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37788 | 1 Goproxy Project | 1 Goproxy | 2023-07-27 | N/A | 7.5 HIGH |
goproxy v1.1 was discovered to contain an issue which can lead to a denial of service (DoS) via unspecified vectors. | |||||
CVE-2023-37140 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). | |||||
CVE-2023-37142 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). | |||||
CVE-2023-37143 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). | |||||
CVE-2023-37141 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). | |||||
CVE-2023-3585 | 1 Mattermost | 1 Mattermost Server | 2023-07-27 | N/A | 4.3 MEDIUM |
Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | |||||
CVE-2023-3614 | 1 Mattermost | 1 Mattermost Server | 2023-07-26 | N/A | 3.3 LOW |
Mattermost fails to properly validate a GIF image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time, by linking to a specially crafted image file. | |||||
CVE-2023-37475 | 1 Avro Project | 1 Avro | 2023-07-26 | N/A | 7.5 HIGH |
Hamba avro is a Go encoder/decoder implementation of the Avro codec specification. In affected versions, a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory`, which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice; hence an attacker may consume arbitrary amounts of memory, which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4`, which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-21240 | 1 Google | 1 Android | 2023-07-25 | N/A | 5.5 MEDIUM |
In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2020-20021 | 1 Mikrotik | 1 Routeros | 2023-07-20 | N/A | 7.5 HIGH |
An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause a denial of service via misconfiguration in the SSH daemon. | |||||
CVE-2023-26509 | 1 Anydesk | 1 Anydesk | 2023-07-11 | N/A | 7.5 HIGH |
AnyDesk 7.0.8 allows remote Denial of Service. | |||||
CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2023-07-05 | N/A | 6.5 MEDIUM |
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | |||||
CVE-2023-35925 | 1 Intellectualsites | 1 Fastasyncworldedit | 2023-07-03 | N/A | 5.5 MEDIUM |
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and execute any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3. | |||||
CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more | 2023-06-30 | 4.0 MEDIUM | 6.5 MEDIUM |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||||
CVE-2023-3398 | 1 Diagrams | 1 Drawio | 2023-06-30 | N/A | 7.5 HIGH |
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | |||||
CVE-2023-2785 | 1 Mattermost | 1 Mattermost | 2023-06-28 | N/A | 4.3 MEDIUM |
Mattermost fails to properly truncate the Postgres error log message of a search query failure, allowing an attacker to cause the creation of large log files, which can result in Denial of Service. | |||||
CVE-2023-2793 | 1 Mattermost | 1 Mattermost | 2023-06-26 | N/A | 6.5 MEDIUM |
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial of service by linking to a specially crafted webpage in a message. | |||||
CVE-2023-2831 | 1 Mattermost | 1 Mattermost | 2023-06-26 | N/A | 6.5 MEDIUM |
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. | |||||
CVE-2023-2778 | 1 Rockwellautomation | 1 Factorytalk Transaction Manager | 2023-06-26 | N/A | 7.5 HIGH |
A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS. | |||||
CVE-2022-33168 | 1 Ibm | 1 Security Directory Suite Va | 2023-06-21 | N/A | 7.5 HIGH |
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588. |