Total
1051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31348 | 1 Amd | 1 Uprof | 2024-12-12 | N/A | 7.3 HIGH |
| A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-23265 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-09 | N/A | 7.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2024-21392 | 1 Microsoft | 3 .net, Powershell, Visual Studio 2022 | 2024-11-29 | N/A | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2024-6162 | 2024-11-29 | N/A | 7.5 HIGH | ||
| A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up. | |||||
| CVE-2019-1696 | 1 Cisco | 2 Firepower Threat Defense, Secure Firewall Management Center | 2024-11-26 | 3.3 LOW | 7.5 HIGH |
| Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20155 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | 7.5 HIGH |
| A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered. | |||||
| CVE-2018-0233 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. This vulnerability affects Cisco Firepower System Software Releases 6.0.0 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, Firepower 4100 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower 9300 Series Security Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower Threat Defense Virtual for VMware, Industrial Security Appliance 3000, Sourcefire 3D System Appliances. Cisco Bug IDs: CSCve23031. | |||||
| CVE-2020-3499 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices. | |||||
| CVE-2023-5685 | 2024-11-26 | N/A | 7.5 HIGH | ||
| A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). | |||||
| CVE-2024-37125 | 1 Dell | 1 Smartfabric Os10 | 2024-11-25 | N/A | 7.5 HIGH |
| Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service. | |||||
| CVE-2024-52804 | 2024-11-22 | N/A | 7.5 HIGH | ||
| Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue. | |||||
| CVE-2024-6427 | 1 Mesbook | 1 Mesbook | 2024-11-21 | N/A | 7.5 HIGH |
| Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and disable the application. | |||||
| CVE-2024-5795 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 7.7 HIGH |
| A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-5055 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. | |||||
| CVE-2024-5052 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. The vulnerability exists when the web server, default port 10001, attempts to process a large number of incomplete HTTP requests. | |||||
| CVE-2024-5013 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | |||||
| CVE-2024-5011 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. | |||||
| CVE-2024-4599 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | |||||
| CVE-2024-4467 | 2024-11-21 | N/A | 7.8 HIGH | ||
| A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. | |||||
| CVE-2024-4438 | 2024-11-21 | N/A | 7.5 HIGH | ||
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | |||||