Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48840 | 1 Phpjabbers | 1 Appointment Scheduler | 2024-11-21 | N/A | 7.5 HIGH |
| A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | |||||
| CVE-2023-48834 | 1 Phpjabbers | 1 Car Rental Script | 2024-11-21 | N/A | 7.5 HIGH |
| A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | |||||
| CVE-2023-48833 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-11-21 | N/A | 7.5 HIGH |
| A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | |||||
| CVE-2023-48831 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 7.5 HIGH |
| A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | |||||
| CVE-2023-48713 | 1 Knative | 1 Serving | 2024-11-21 | N/A | 6.5 MEDIUM |
| Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0. | |||||
| CVE-2023-48369 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. | |||||
| CVE-2023-48297 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 8.6 HIGH |
| Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | |||||
| CVE-2023-48268 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb). | |||||
| CVE-2023-47633 | 1 Traefik | 1 Traefik | 2024-11-21 | N/A | 7.5 HIGH |
| Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-47150 | 2024-11-21 | N/A | 7.5 HIGH | ||
| IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. | |||||
| CVE-2023-47025 | 1 Free5gc | 1 Free5gc | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | |||||
| CVE-2023-46737 | 1 Sigstore | 1 Cosign | 2024-11-21 | N/A | 3.1 LOW |
| Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations. The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade. | |||||
| CVE-2023-46442 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2023-46361 | 1 Artifex | 1 Jbig2dec | 2024-11-21 | N/A | 6.5 MEDIUM |
| Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | |||||
| CVE-2023-46278 | 1 Cybozu | 1 Cybozu Remote Service | 2024-11-21 | N/A | 6.5 MEDIUM |
| Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication. | |||||
| CVE-2023-46136 | 1 Palletsprojects | 1 Werkzeug | 2024-11-21 | N/A | 8.0 HIGH |
| Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1. | |||||
| CVE-2023-46131 | 1 Grails | 1 Grails | 2024-11-21 | N/A | 6.5 MEDIUM |
| Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3, 5.3.4, 6.1.0. | |||||
| CVE-2023-46120 | 1 Vmware | 1 Rabbitmq Java Client | 2024-11-21 | N/A | 4.9 MEDIUM |
| The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0. | |||||
| CVE-2023-46118 | 1 Vmware | 1 Rabbitmq | 2024-11-21 | N/A | 4.9 MEDIUM |
| RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. | |||||
| CVE-2023-45956 | 1 Govee | 2 Led Strip, Led Strip Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. | |||||