Total
1620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43545 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | |||||
| CVE-2024-43541 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | |||||
| CVE-2024-24752 | 1 Mnapoli | 1 Bref | 2024-10-17 | N/A | 6.5 MEDIUM |
| Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.12. | |||||
| CVE-2024-43544 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | |||||
| CVE-2023-41705 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-10-17 | N/A | 6.5 MEDIUM |
| Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | |||||
| CVE-2023-41706 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-10-17 | N/A | 6.5 MEDIUM |
| Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known. | |||||
| CVE-2023-41707 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-10-17 | N/A | 6.5 MEDIUM |
| Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | |||||
| CVE-2024-23952 | 1 Apache | 1 Superset | 2024-10-17 | N/A | 6.5 MEDIUM |
| This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | |||||
| CVE-2024-45736 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-10-16 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). | |||||
| CVE-2024-43575 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-10-16 | N/A | 7.5 HIGH |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2024-25112 | 1 Exiv2 | 1 Exiv2 | 2024-10-16 | N/A | 5.0 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-3508 | 2024-10-16 | N/A | 4.3 MEDIUM | ||
| A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed. | |||||
| CVE-2024-3056 | 3 Fedoraproject, Podman Project, Redhat | 4 Fedora, Podman, Enterprise Linux and 1 more | 2024-10-16 | N/A | 7.7 HIGH |
| A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system. | |||||
| CVE-2024-7294 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 6.5 MEDIUM |
| In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | |||||
| CVE-2024-47497 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2. | |||||
| CVE-2024-9823 | 2024-10-15 | N/A | 5.3 MEDIUM | ||
| There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally. | |||||
| CVE-2024-41818 | 1 Fast-xml-parser Project | 1 Fast-xml-parser | 2024-10-11 | N/A | 7.5 HIGH |
| fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. | |||||
| CVE-2023-25769 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-10-10 | N/A | 5.5 MEDIUM |
| Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-8626 | 2024-10-10 | N/A | N/A | ||
| Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. | |||||
| CVE-2024-41123 | 1 Ruby-lang | 1 Rexml | 2024-10-10 | N/A | 7.5 HIGH |
| REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities. | |||||