Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26819 | 2025-02-15 | N/A | 8.6 HIGH | ||
| Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. | |||||
| CVE-2023-50658 | 1 Dvsekhvalnov | 1 Jose2go | 2025-02-14 | N/A | 7.5 HIGH |
| The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. | |||||
| CVE-2023-52606 | 1 Linux | 1 Linux Kernel | 2025-02-14 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption. | |||||
| CVE-2024-26618 | 1 Linux | 1 Linux Kernel | 2025-02-14 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fix this by separating the checks for flushing and for existing storage as we do for SVE. Callers that reallocate (eg, due to changing the vector length) should call sme_free() themselves. | |||||
| CVE-2024-22201 | 3 Debian, Eclipse, Netapp | 4 Debian Linux, Jetty, Active Iq Unified Manager and 1 more | 2025-02-13 | N/A | 7.5 HIGH |
| Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. | |||||
| CVE-2023-6337 | 1 Hashicorp | 1 Vault | 2025-02-13 | N/A | 7.5 HIGH |
| HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. | |||||
| CVE-2023-42504 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 5.8 MEDIUM |
| An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0 | |||||
| CVE-2023-42457 | 1 Plone | 1 Rest | 2025-02-13 | N/A | 7.5 HIGH |
| plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache). | |||||
| CVE-2023-34396 | 1 Apache | 1 Struts | 2025-02-13 | N/A | 4.3 MEDIUM |
| Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater | |||||
| CVE-2023-34149 | 1 Apache | 1 Struts | 2025-02-13 | N/A | 4.3 MEDIUM |
| Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. | |||||
| CVE-2023-24998 | 2 Apache, Debian | 2 Commons Fileupload, Debian Linux | 2025-02-13 | N/A | 7.5 HIGH |
| Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | |||||
| CVE-2023-0568 | 1 Php | 1 Php | 2025-02-13 | N/A | 7.5 HIGH |
| In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. | |||||
| CVE-2023-27530 | 2 Debian, Rack | 2 Debian Linux, Rack | 2025-02-13 | N/A | 7.5 HIGH |
| A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | |||||
| CVE-2025-1059 | 2025-02-13 | N/A | 7.5 HIGH | ||
| CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. | |||||
| CVE-2023-51393 | 1 Silabs | 1 Emberznet | 2025-02-12 | N/A | 5.3 MEDIUM |
| Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | |||||
| CVE-2023-24536 | 1 Golang | 1 Go | 2025-02-12 | N/A | 7.5 HIGH |
| Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. | |||||
| CVE-2024-12379 | 2025-02-12 | N/A | 6.5 MEDIUM | ||
| A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token. | |||||
| CVE-2023-25414 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 5.3 MEDIUM |
| Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). | |||||
| CVE-2024-38286 | 2 Apache, Netapp | 2 Tomcat, Ontap Tools | 2025-02-11 | N/A | 8.6 HIGH |
| Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. | |||||
| CVE-2023-27191 | 1 Dualspace | 1 Super Security | 2025-02-11 | N/A | 7.5 HIGH |
| An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. | |||||