Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39743 | 1 Ibm | 1 Mq Operator | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172. | |||||
CVE-2024-34703 | 2024-11-21 | N/A | 7.5 HIGH | ||
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. The proof of concept used a 16Kbit prime for this purpose. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. | |||||
CVE-2024-34702 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints. An attacker who presented a certificate chain which contained a very large number of names in the SubjectAlternativeName, signed by a CA certificate which contained a large number of name constraints, could cause a denial of service. The problem has been addressed in Botan 3.5.0 and a partial backport has also been applied and is included in Botan 2.19.5. | |||||
CVE-2024-28214 | 2024-11-21 | N/A | 2.7 LOW | ||
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | |||||
CVE-2024-0450 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. | |||||
CVE-2023-2992 | 1 Lenovo | 16 Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware, Thinkagile Cp-cb-10 and 13 more | 2024-11-21 | N/A | 7.5 HIGH |
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. | |||||
CVE-2021-38447 | 1 Objectcomputing | 1 Opendds | 2024-11-21 | 4.3 MEDIUM | 8.6 HIGH |
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition. | |||||
CVE-2021-21359 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. | |||||
CVE-2018-15492 | 1 Gemalto | 1 Sentinel License Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. | |||||
CVE-2024-45590 | 1 Openjsf | 1 Body-parser | 2024-09-20 | N/A | 7.5 HIGH |
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3. | |||||
CVE-2024-40705 | 1 Ibm | 1 Infosphere Information Server | 2024-08-15 | N/A | 6.5 MEDIUM |
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. |