Total
2506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35298 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2024-11-21 | N/A | 7.5 HIGH |
| HTTP.sys Denial of Service Vulnerability | |||||
| CVE-2023-35191 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access. | |||||
| CVE-2023-35053 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A | 7.5 HIGH |
| In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms | |||||
| CVE-2023-34462 | 1 Netty | 1 Netty | 2024-11-21 | N/A | 6.5 MEDIUM |
| Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. | |||||
| CVE-2023-34458 | 1 Multiversx | 1 Mx-chain-go | 2024-11-21 | N/A | 7.1 HIGH |
| mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17. | |||||
| CVE-2023-34109 | 1 Zxcvbn-ts Project | 1 Zxcvbn-ts | 2024-11-21 | N/A | 6.5 MEDIUM |
| zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with every function call. Browsers are impacted, too but a single user need to do a lot of input changes so that it affects the browser, while the node process gets the inputs of every user of a platform and can be killed that way. This problem has been patched in version 3.0.2. Users are advised to upgrade. Users unable to upgrade should stop using the second argument of the zxcvbn function and use the zxcvbnOptions.setOptions function. | |||||
| CVE-2023-34104 | 1 Fast-xml-parser Project | 1 Fast-xml-parser | 2024-11-21 | N/A | 7.5 HIGH |
| fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option. | |||||
| CVE-2023-33958 | 1 Notaryproject | 1 Notation-go | 2024-11-21 | N/A | 5.4 MEDIUM |
| notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | |||||
| CVE-2023-33957 | 1 Notaryproject | 1 Notation-go | 2024-11-21 | N/A | 2.6 LOW |
| notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation packages to v1.0.0-rc.6 or above. Users are advised to upgrade. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | |||||
| CVE-2023-33141 | 1 Microsoft | 1 Yet Another Reverse Proxy | 2024-11-21 | N/A | 7.5 HIGH |
| Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | |||||
| CVE-2023-32787 | 2 Opcfoundation, Prosysopc | 4 Ua Java Legacy, Ua Historian, Ua Modbus Server and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. | |||||
| CVE-2023-32665 | 1 Gnome | 1 Glib | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2023-32636 | 1 Gnome | 1 Glib | 2024-11-21 | N/A | 4.7 MEDIUM |
| A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. | |||||
| CVE-2023-32611 | 1 Gnome | 1 Glib | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2023-32341 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | |||||
| CVE-2023-32229 | 1 Bosch | 17 Autodome 7000i, Autodome 7100 Ir, Autodome Inteox 7000i and 14 more | 2024-11-21 | N/A | 4.9 MEDIUM |
| Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | |||||
| CVE-2023-32067 | 3 C-ares Project, Debian, Fedoraproject | 3 C-ares, Debian Linux, Fedora | 2024-11-21 | N/A | 7.5 HIGH |
| c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | |||||
| CVE-2023-32013 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2023-31889 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request. | |||||
| CVE-2023-31418 | 1 Elastic | 2 Elastic Cloud Enterprise, Elasticsearch | 2024-11-21 | N/A | 7.5 HIGH |
| An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. | |||||