Total
2181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20911 | 1 Google | 1 Android | 2025-02-28 | N/A | 7.8 HIGH |
| In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498 | |||||
| CVE-2023-20910 | 1 Google | 1 Android | 2025-02-28 | N/A | 5.5 MEDIUM |
| In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-29333 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | N/A | 3.3 LOW |
| Microsoft Access Denial of Service Vulnerability | |||||
| CVE-2021-3735 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-02-28 | N/A | 4.4 MEDIUM |
| A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2025-27097 | 1 The-guild | 1 Graphql Mesh | 2025-02-27 | N/A | 7.5 HIGH |
| GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. If a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens. This can cause a short memory leak but it won't grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism. | |||||
| CVE-2023-38180 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, Asp.net Core and 1 more | 2025-02-26 | N/A | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2022-45003 | 1 Getgophish | 1 Gophish | 2025-02-25 | N/A | 7.5 HIGH |
| Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | |||||
| CVE-2023-1580 | 1 Devolutions | 1 Devolutions Gateway | 2025-02-25 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable. | |||||
| CVE-2024-34036 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp. | |||||
| CVE-2024-34035 | 2025-02-25 | N/A | 5.7 MEDIUM | ||
| An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp. | |||||
| CVE-2023-20861 | 1 Vmware | 1 Spring Framework | 2025-02-25 | N/A | 6.5 MEDIUM |
| In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | |||||
| CVE-2023-21033 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323 | |||||
| CVE-2024-12698 | 2025-02-25 | N/A | 6.5 MEDIUM | ||
| An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. | |||||
| CVE-2022-48351 | 2025-02-24 | N/A | 7.5 HIGH | ||
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2020-3569 | 1 Cisco | 43 Asr 9000v, Asr 9001, Asr 9006 and 40 more | 2025-02-24 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities. | |||||
| CVE-2025-27100 | 2025-02-21 | N/A | 6.5 MEDIUM | ||
| lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to true in their config yaml. | |||||
| CVE-2022-33142 | 1 Wordplus | 1 Better Messages | 2025-02-20 | N/A | 7.7 HIGH |
| Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | |||||
| CVE-2023-21061 | 1 Google | 1 Android | 2025-02-20 | N/A | 7.5 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A | |||||
| CVE-2024-57082 | 2025-02-18 | N/A | 6.5 MEDIUM | ||
| A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2022-4899 | 1 Facebook | 1 Zstandard | 2025-02-18 | N/A | 7.5 HIGH |
| A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. | |||||