Total
1620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30105 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-10-08 | N/A | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2023-39748 | 2024-10-07 | N/A | 7.5 HIGH | ||
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2020-20813 | 2024-10-07 | N/A | 7.5 HIGH | ||
| Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. | |||||
| CVE-2020-19726 | 2024-10-07 | N/A | 8.8 HIGH | ||
| An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | |||||
| CVE-2020-18770 | 2024-10-07 | N/A | 5.5 MEDIUM | ||
| An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. | |||||
| CVE-2024-8892 | 1 Circutor | 2 Tcp2rs\+, Tcp2rs\+ Firmware | 2024-10-07 | N/A | 9.1 CRITICAL |
| Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle. | |||||
| CVE-2024-47850 | 2024-10-07 | N/A | 7.5 HIGH | ||
| CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) | |||||
| CVE-2024-8454 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 7.5 HIGH |
| The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service. | |||||
| CVE-2024-8451 | 1 Planet | 4 Gs-4210-24p2s, Gs-4210-24p2s Firmware, Gs-4210-24pl4c and 1 more | 2024-10-04 | N/A | 7.5 HIGH |
| Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service. | |||||
| CVE-2024-9358 | 2024-10-04 | 4.9 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024. | |||||
| CVE-2024-47554 | 2024-10-04 | N/A | N/A | ||
| Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | |||||
| CVE-2020-26652 | 2024-10-03 | N/A | 7.5 HIGH | ||
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | |||||
| CVE-2022-47696 | 2024-10-03 | N/A | 7.8 HIGH | ||
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | |||||
| CVE-2022-47695 | 2024-10-03 | N/A | 7.8 HIGH | ||
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | |||||
| CVE-2023-41173 | 1 Adguard-dns | 1 Adguard Dns | 2024-10-02 | N/A | 7.5 HIGH |
| AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | |||||
| CVE-2023-41121 | 1 Arraynetworks | 2 Arrayos Ag, Vxag | 2024-10-02 | N/A | 7.5 HIGH |
| Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. | |||||
| CVE-2024-37125 | 2024-09-30 | N/A | 7.5 HIGH | ||
| Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service. | |||||
| CVE-2024-38809 | 2024-09-30 | N/A | 5.3 MEDIUM | ||
| Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. | |||||
| CVE-2024-47003 | 1 Mattermost | 1 Mattermost Server | 2024-09-26 | N/A | 6.5 MEDIUM |
| Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. | |||||
| CVE-2023-39321 | 1 Golang | 1 Go | 2024-09-26 | N/A | 7.5 HIGH |
| Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | |||||