Total
1363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51393 | 1 Silabs | 1 Emberznet | 2025-02-12 | N/A | 5.3 MEDIUM |
| Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. | |||||
| CVE-2023-24536 | 1 Golang | 1 Go | 2025-02-12 | N/A | 7.5 HIGH |
| Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. | |||||
| CVE-2023-25414 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | N/A | 5.3 MEDIUM |
| Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). | |||||
| CVE-2023-27191 | 1 Dualspace | 1 Super Security | 2025-02-11 | N/A | 7.5 HIGH |
| An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. | |||||
| CVE-2023-26964 | 1 Hyper | 2 H2, Hyper | 2025-02-11 | N/A | 7.5 HIGH |
| An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). | |||||
| CVE-2025-25186 | 2025-02-10 | N/A | 6.5 MEDIUM | ||
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory. | |||||
| CVE-2023-27653 | 1 Whoapp | 1 Who | 2025-02-10 | N/A | 7.5 HIGH |
| An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. | |||||
| CVE-2023-27643 | 1 Powerampapp | 1 Poweramp | 2025-02-10 | N/A | 7.5 HIGH |
| An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library | |||||
| CVE-2018-15472 | 1 Gitlab | 1 Gitlab | 2025-02-10 | N/A | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | |||||
| CVE-2024-12705 | 2025-02-07 | N/A | 7.5 HIGH | ||
| Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. | |||||
| CVE-2023-30636 | 1 Tikv | 1 Tikv | 2025-02-07 | N/A | 7.5 HIGH |
| TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is exceeded | |||||
| CVE-2023-29573 | 1 Axiosys | 1 Bento4 | 2025-02-07 | N/A | 5.5 MEDIUM |
| Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component. | |||||
| CVE-2025-24312 | 2025-02-05 | N/A | 7.5 HIGH | ||
| When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-30408 | 1 Jerryscript | 1 Jerryscript | 2025-02-05 | N/A | 5.5 MEDIUM |
| Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | |||||
| CVE-2023-30406 | 1 Jerryscript | 1 Jerryscript | 2025-02-05 | N/A | 5.5 MEDIUM |
| Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | |||||
| CVE-2023-29575 | 1 Axiosys | 1 Bento4 | 2025-02-04 | N/A | 5.5 MEDIUM |
| Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. | |||||
| CVE-2023-29479 | 1 Ribose | 1 Rnp | 2025-02-04 | N/A | 5.3 MEDIUM |
| Ribose RNP before 0.16.3 may hang when the input is malformed. | |||||
| CVE-2023-29570 | 1 Cesanta | 1 Mjs | 2025-02-04 | N/A | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2023-29779 | 1 Sengled | 2 E1e-g7f, E1e-g7f Firmware | 2025-02-03 | N/A | 7.5 HIGH |
| Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. | |||||
| CVE-2024-46668 | 1 Fortinet | 1 Fortios | 2025-01-31 | N/A | 7.5 HIGH |
| An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads. | |||||